Define and test expected behaviour of Tor Browser without private windows
At the moment we allow some users to switch off permanent private browsing, which is accessible via about:preferences. This is usually in order to remember history, login cookies, etc.
However, in practice, non-private browsing is given little consideration when implementing features. Moreover, we hardly test behaviour for non-private browsing.
As an initial step, we should work with UX to determine what Tor Browser without permanent private browsing should look like:
- What level of support do we want to give to using the browser with non-private windows?
- What are the user's privacy expectations when they switch to this non-private mode?
- Do we want it to be easily accessible via the UI (as it is now)?
- Do we need to warn users about switching off permanent private browsing, and the protections they are losing? Do we need to guide users to still enable some protections, like clearing cookies between sessions?
- Are we going to try and patch up privacy holes in non-private browsing? There are some Firefox privacy features that are switched on by default for private browsing, and I'm not sure how many of these we rely on.
- Do we need to add any special considerations when the user has both a non-private window and a private window open? E.g. sharing circuits for the same domain in different contexts.
- What priority should we give to addressing user experience flaws with non-private browsing that aren't necessarily privacy or security issues? E.g. about:torconnect does not initially load.
Edited by henry