Find a nicer way to add exceptions from mandatory signing for our Tor Browser add-ons

The current approach is 415f520fde6f84c5f32ff3769f16f42c8209137d, where we unpack and patch the relevant files in the omni.ja archives. We should upstream this to Tor Browser somehow so we don’t have to carry this delta.

A discussion about this has slowly been started a while back here: https://lists.torproject.org/pipermail/tbb-dev/2017-April/000515.html

It would be good to fix this before Tor Browser drops their current hack and signs their extensions: https://trac.torproject.org/projects/tor/ticket/26553. Otherwise we’ll have to make our hack even worse: instead of “merely” adding an add-on to the whitelist we would have to carry the entire whitelist code as part of our delta.

Regarding timing, Georg told us it “will be 9.0 material if at all”. Tor Browser 9.0 Firefox 68 Oct 2019.

Related issues

Related to #15023 (closed)
Related to #16048
Blocks #16209

Original created by @anonym on 12571 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information