Move the crypto protection patch earlier in the patchset

The patch for bug #40209 (closed) (e.g., ae81c697) could be moved to be with security level and new identity (so, possibly part of base browser, or be the first excluded patch).

The only problem is that it depends on TorStrings.jsm.

We should either wait for #40924 to be completed, or do a workaround, like I've done for #40925 and #40926 (closed).