Add our reasoning for dealing with the XPI signing to our design document

We missed to explain how we deal with the code-signing requirement for our own extensions. We should have that in our design document I think.

added component::applications/tor browser gitlab-tb-tor-browser-spec owner::tbb-team parent::25021 priority::medium severity::normal status::new tbb-spec type::defect labels

Trac:
Cc: N/A to mcs, brade

Should be straightforward to add this under "Other Security Measures". Nowadays this only affects HTTPS Everywhere. We should point out why we want to use EFF's signature here and could generally point out our efforts trying to just ship the extensions via our own in-browser update mechanism and not via AMO/external auto-updating.

Trac:
Parent: N/A to #25021 (moved)

Add magic gitlab keyword.

Trac:
Keywords: N/A deleted, gitlab-tb-tor-browser-spec added

moved to tpo/applications/tor-browser-spec#21922