Sandbox Tor Browser's content renderer processes more strictly

Since we have enabled Electrolysis (e10s), we confine these processes in exactly the same way as the parent Firefox process. I’m pretty sure they could be confined much more strictly, without impacting UX whatsoever. And while we’re at it, maybe some permissions we currently grant to the parent Firefox process are not needed anymore, as it does less work.

Feature Branch: feature/12679-sandbox-firefox-content-renderers

Related issues

Related to #15717 (closed)
Blocked by #12653 (closed)
Blocks #13245 (closed)

Original created by @intrigeri on 12679 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information