Backport ESR 102.3 security fixes to 91.13-based Tor Browser

https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/

The list of issues:

• CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1782211
• CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1787633
• CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1779993
• CVE-2022-40956: Content-Security-Policy base-uri bypass
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1770094
• CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1767360
    • merged; marked as esr91 unaffected in bug report but flag was added after esr91 was done receiving updates so vOv
    • didn't apply cleanly
    • gecko-dev: 3f81dec850ee679b4da8067c2b5315a74776fa4a
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1776655
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1777574
    • not merged; unaffected according to bug report; regression due to feature added in 101 so no merge
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1784835
    • not merged; unaffected according to bug report; regression due to feature added in 96 so no merge
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1785109
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1786502
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1789440
    • merged
    • didn't apply cleanly
    • gecko-dev b4f40f882543efcf26ed5696512ea83eb0d5ded5

@tom can you add me to these issues please :)