Get critical parts of Tails audited

Originally created by @jvoisin on #14508 (Redmine)

It would be nice to have to following parts or Tails audited:

Audit whatever upgrade mechanism we replace the current Tails Upgrader with in the “Rethink upgrade/installation” effort (possible in ca. 2 years probably).
- Audit the current implementation of Tails Upgrader. (Low prio since it will be obsoleted by the above point. ca. 1 kLoC of perl (but big parts are irrelevant since it is about generating IUKs.)
Audit Tails Security Check (config/chroot_local-includes/usr/local/bin/tails-security-check, ~200 LoC.)
Torification escapes for the Live user and other critical users
Persistence
- Arbitrary persistence by the Live user
- Permissions of the device and data of the persistent device (Audit should be less than a day)
Audit anonym’s Thunderbird auto-config patches (Javascript, 9 files changed, 254 insertions(+), 99 deletions(-).)

Edited Oct 18, 2020 by intrigeri

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information