
TabGuard interrupts browsing too frequently

In #41112 (closed), we explored several (not mutually exclusive) ideas to reduce the impact of TabGuard's warnings:

  1. Tie TabGuard to the "Safer" security level. This idea was shelved because "Standard" security level users are the most vulnerable, see: #41112 (comment 2831325).
  2. Integrate TabGuard into Tor Browser's native UX, using an infobar, and hide the default NoScript dialog. This idea was postponed in favor of implementing option 3.
  3. "Quiet" TabGuard by reducing how often the NoScript dialog appears, by automatically anonymizing most requests. @ma1 ultimately implemented this strategy in time for Tor Browser 13.5, and now all security levels default to "Prompt before POST submissions".

However, despite this fix, there are still issues:

  1. Unfortunately TabGuard still interrupts browsing several times per session, for me.
  2. This is the only NoScript branded UI encountered during regular browsing, which I imagine is surprising for users who aren't familiar with NoScript.
  3. The content of the dialog and outcome of the two options presented ("Load anonymously" and "Load normally") may be difficult for users to understand.
  4. Sometimes I get a "This connection has timed out" neterror on the website I'm trying to load, immediately after selecting an option in TabGuard.
  5. In the event the user clicks outside the dialog (i.e. elsewhere in Tor Browser), the browser window is focused with the TabGuard window layered underneath. This gives the impression that the TabGuard warning has been dismissed; however, the website still doesn't load.

@morgan Given these issues, and assuming there aren't additional steps @ma1 can take to further "quiet" TabGuard, I'd like to re-open the discussion about ideas 1. and 2. (or any other ideas people may have). I understand that the attack surface of a targeted deanonymization side channel attack is large, but the authors also emphasize the following:

The attack impact may be different for different categories of Internet users. If you are an average user, you may not perceive this as a privacy threat (although this is highly dependent on each user’s particular circumstances). However, if you belong to certain categories of users, then you may be significantly impacted. Individuals who organize and participate in political protest, who work as journalists reporting on inconvenient topics, network with fellow members of their minority group, or even purchase embarrassing or potentially incriminating personal items, may risk their life and liberty if their identity becomes known to malicious actors.

How easy is it for an adversary to employ an attack like this? Would we recommend users belonging to these groups use Tor Browser at the "Standard" security level, in the first place? I do not believe we have a consensus on what security levels pertain to which of our users' threat models (besides "Safest", which is more obvious), however aren't there other potential targeted attacks (e.g. via JavaScript) that could be exploited at the "Standard" security level? On the other hand Tails ships with Tor Browser's default security settings, I believe, and the threat model(s) of Tails users certainly do overlap with the authors' examples.

Alternatively, integrating TabGuard with native UX could potentially mitigate issues 2, 3, and 5, but wouldn't reduce the overall frequency of these warnings. However, would it be less disruptive (given the number of potential false positives) to automatically anonymize all cross-site requests but provide UX to reload the page normally in the case it's genuinely necessary? Perhaps this could also be done in conjunction with exposing TabGuard's settings somewhere in about:preferences?

Disclaimer: These are just ideas to get the discussion started, and may be problematic for various reasons.

Edited by donuts