
Fix Android NoScript automatic updates

marking as confidential since old NS releases can contain exploits? IDK .. just not happy sharing with the public

@ma1 one of the things I fingerprint is htmlelement keys - until recently I did this on a div on the content doc. I changed this to an a element whilst I determine what/how to collect all element keys and tie in function properties as well

This is not a FPing problem, per se, as all users will be on the same ESR and nothing should ever change in the ESR cycle - so like the other JS attack template type tests (all windows properties, all css properties, etc), I add a health check

But one thing that NS does is that it can add keys, e.g. set innerHTML, set outerHTML etc - this seems to be dependent on the NS release version. Currently (all 115.6.0esr)

  • desktop is 11.4.29 (and updates itself)
  • android release is on 11.4.24
  • android alpha is on 11.4.11

It seems as if android versions don't update NS? And 11.4.11 didn't (fingerprintwise) inject properties into element keys - but since 11.4.24 at least, it does

So what is the state of NS updates on android? Surely we want all users to be up to date - I see 11.4.11 is from Sept 14th 2022. Is this just the alpha build not bundling an up to date version of NS - but that still doesn't explain why they're both out of sync with desktop - maybe this is a design decision? IDK

Class, discuss! cc @pierov fyi


Also - I think there's probably a ticket somewhere already, but addons in android have no restrictions - you can disable/remove NS and add extensions, and Mozilla adds its recommended addons cruft as well cc: @dan @clairehurst
