Don't allow the desktop user to pass arguments to tails-upgrade-frontend (Closes: #7410)
... and accordingly update the design document and manual test suite steps. The tails-upgrade-frontend program is run as the tails-upgrade-frontend user, that is basically equivalent to root. Some of the available tails-upgrade-frontend options might be dangerous. I've looked at it quickly and didn't find anything scary, but still, it's simply not worth taking the risk of privilege escalation, persistent root kit implementation, and so on. Strictly speaking, this change does not really belong to bugfix/7345-upgrade-from-iso-from-1.0-to-1.1, and could have been implemented separately. However, this branch introduces running as root a syslinux binary taken from the installed IUK, so it raised the flag that made me want to lock this down a bit more.