    Thunderbird: run /usr/local/bin/tor-browser unconfined instead of under the... · 666012e9
    intrigeri authored
    Thunderbird: run /usr/local/bin/tor-browser unconfined instead of under the sanitized_helper profile (refs: #17105)
    
    The sanitized_helper profile will allow our tor-browser wrapper script to run
    basically any executable, including the firefox binary, which is intended.
    But under sanitized_helper, such execution is subject to environment scrubbing,
    that is: the tor-browser wrapper script cannot pass environment variables to Tor
    Browser… which breaks some Tor Browser functionality. For example, videos played
    in Tor Browser would have no sound, whenever Tor Browser had been started by
    clicking a URL in Thunderbird.
    
    Instead, let's start /usr/local/bin/tor-browser unconfined with Ux,
    that is:
    
     - Ux scrubs the environment before executing /usr/local/bin/tor-browser, which
       protects this script against an exploited Thunderbird.
    
     - When the /usr/local/bin/tor-browser wrapper starts Tor Browser, it will
       be confined under the torbrowser_firefox profile by Linux, as intended,
       because that profile is attached to the path of the Firefox binary.