Do not offer to open internally attachments that can run scripts in the browser

For #42220, I implemented a patch that always opens files served with Content-disposition: attachment.

I didn't consider a thing that was suggested to me upstream: HTMLs and other files that run scripts (SVG, etc...) will run on the origin they are served from, instead of a local one.

So, we shouldn't let users open them in the browser, but instead we should force a download first (i.e., send through the download confirmation dialog first in our default settings). We should then prevent those files to appear in the "Applications" section of about:preferences, or remove the "Open with Tor Browser" from there for them (for reasons already explained in the related bugs).

I wonder if there's a list of "scripts-enabled formats" already in Firefox.

/cc @ma1 @jwilde