Mark users with custom noscript settings as having a custom security level

Both the browser preference browser.security_level.noscript_persist and the NoScript preference "Override Tor Browser's Security Level preset" allow a user to have a non-preset security level, and this may be across all sites visited. E.g. they enabled media on all sites, even though they have the safest security level.

These users are doing more than we support, but I wonder whether we should detect them (at startup only) and mark these users as having a custom security level.

@ma1 what do you think?

I think there are two main outstanding questions:

  1. If a user only has per-site exceptions, should we mark their session as custom? Or only if their custom preferences have global implications?
  2. Should we clear browser.security_level.noscript_persist and the NoScript preference "Override Tor Browser's Security Level preset" when such a user changes their security level? If we don't, the only way for the user to get out of the custom state is for them to manually change these values, which they may have forgotten about, or not realise are affecting their security level. On the other hand, it may be controversial to override the "Override Tor Browser's Security Level preset" option. Although, I'm not sure why such a user would be switching security level anyway.

/cc @pierov @ma1 @morgan

Edited by henry