Support domain isolation for onion connections too?
Right now there's a timing channel leak between isolation domains, where one isolation domain can get some hints about whether I've been to a certain onion domain lately, because if I have (and I have a cached onion descriptor, and/or an open rendezvous circuit) then it will load faster.
If we tagged intro and rendezvous circuits with their SOCKS isolation domains, and we tagged cached onion descriptors with their SOCKS isolation domains, then we could remove this timing channel -- but at the cost of a bunch more work and delays for connections that are already high-work and high-delay.
I'm not sure if it's worth it on the Tor side, especially since this is just a timing channel. But I bet somewhere out there are Tor Browser users who are expecting the tab isolation to work, and I fear that it doesn't (fully) when it comes to onion services.
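
The descriptor-cache half of the trade-off described in this ticket, as an added toy model that is not part of the original ticket and is not Tor's code. The class, function names, cost values and the onion name are assumptions constructed for illustration; intro and rendezvous circuits are not modelled.

```python
# Toy model (not Tor's code): an onion descriptor cache, either shared by all
# SOCKS isolation domains or keyed by isolation domain.
FETCH_COST = 5   # constructed, unitless cost of fetching a descriptor
CACHED_COST = 1  # constructed, unitless cost when the descriptor is cached


class DescriptorCache:
    def __init__(self, isolate):
        self.isolate = isolate
        self._entries = set()
        self.fetches = 0  # total descriptor fetches: the extra work isolation costs

    def _key(self, domain, onion):
        # Tagging the entry with the isolation domain is the change proposed above.
        return (domain, onion) if self.isolate else (None, onion)

    def connect(self, domain, onion):
        """Return the modelled cost of reaching `onion` from `domain`."""
        key = self._key(domain, onion)
        if key in self._entries:
            return CACHED_COST
        self._entries.add(key)
        self.fetches += 1
        return FETCH_COST


def observed_cost(isolate, domain_a_visits, onion):
    """Cost seen by domain 'B' for `onion` after domain 'A' made its visits.

    Returns (cost_seen_by_B, total_fetches).
    """
    cache = DescriptorCache(isolate)
    for visited in domain_a_visits:
        cache.connect("A", visited)
    return cache.connect("B", onion), cache.fetches


def leaks(isolate, onion="constructedexample.onion"):
    """True if B's cost depends on whether A visited `onion` earlier."""
    after_visit, _ = observed_cost(isolate, [onion], onion)
    no_visit, _ = observed_cost(isolate, [], onion)
    return after_visit != no_visit


if __name__ == "__main__":
    print("shared cache leaks:", leaks(False))    # True
    print("isolated cache leaks:", leaks(True))   # False
```

With the shared cache, domain B's cost reveals domain A's history; with per-domain keys the costs are indistinguishable, and the fetch count for the same two connections rises from 1 to 2.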