This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

mixed content site setting from private mode should not apply in regular browsing mode #3795

Closed
diracdeltas opened this issue Sep 7, 2016 · 3 comments · Fixed by #3808


@diracdeltas
Member

  • Steps to reproduce:
    1. open https://mixed-script.badssl.com/ in a private tab
    2. click the lock icon and allow mixed content
    3. open the same page in a regular tab and observe mixed content is still allowed
  • Expected behavior:
    site-specific settings should never leak from private browsing to regular browsing because this opens up ways for a malicious page to figure out what sites have been visited in private browsing mode. leaks in the other direction (from regular into private) are less serious.
  • Any related issues:
    Allow per site Bravery settings in private tabs #1824

cc @bridiver

@diracdeltas
Member Author

diracdeltas commented Sep 9, 2016

status of all the site settings WRT private -> non-private leakage:

  • zoomLevel: doesn't seem to leak
  • permissions: shouldn't leak since this uses temporarySiteSettings
  • savePasswords: leaks but is fine since it requires consent and isn't very useful otherwise
  • shieldsUp / adControl / cookieControl / safeBrowsing / httpsEverywhere / fingerprintingProtection: these are not editable in private mode thanks to Allow per site Bravery settings in private tabs #1824
  • noScript: leaks
  • flash: leaks
  • ledgerPayments: private browsing sites don't show up in the synopsis so this is okay too
  • runInsecureContent: should be fixed by Re-block running insecure content #3808

so it seems that only runInsecureContent, noScript, and flash need to be fixed for now

@diracdeltas
Member Author

this was accidentally auto-closed; i'll edit the title to be the issue that was actually closed and move the rest to 0.12.2

@diracdeltas
Member Author

Sorry, I forgot to mention for QA's sake that it was decided that private tabs should not be able to allow mixed content in the first place. But mixed content settings from regular mode should not apply in private mode.
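
Added example (not part of the thread and not Brave's code): a minimal model of the separation discussed above, with a regression check that writes each setting from a private tab and reads it back from a regular tab. The setting keys and the test origin come from the issue; the class names, function names and the two-map design are assumptions made for illustration.

```javascript
// Added example. Setting keys come from the thread; all other names are hypothetical.
const BLOCKED_IN_PRIVATE = new Set(['runInsecureContent']) // private tabs may not allow mixed content
const NO_INHERIT_IN_PRIVATE = new Set(['runInsecureContent']) // regular value must not apply in private

class SiteSettings {
  constructor () {
    this.persistent = new Map() // regular browsing; would be written to disk
    this.temporary = new Map() // private browsing; memory only, dropped with the session
  }

  static key (origin, name) { return `${origin}|${name}` }

  set (origin, name, value, isPrivate) {
    if (isPrivate && BLOCKED_IN_PRIVATE.has(name)) return false // refused, nothing stored
    const target = isPrivate ? this.temporary : this.persistent
    target.set(SiteSettings.key(origin, name), value)
    return true
  }

  get (origin, name, isPrivate) {
    const k = SiteSettings.key(origin, name)
    if (!isPrivate) return this.persistent.get(k) // regular tabs never consult the private store
    if (this.temporary.has(k)) return this.temporary.get(k)
    return NO_INHERIT_IN_PRIVATE.has(name) ? undefined : this.persistent.get(k)
  }
}

// Store with the behaviour reported in the issue: one shared map for both modes.
class SharedStore {
  constructor () { this.all = new Map() }
  set (origin, name, value) { this.all.set(`${origin}|${name}`, value); return true }
  get (origin, name) { return this.all.get(`${origin}|${name}`) }
}

// Regression check: returns the settings that a regular tab can observe
// after they were written from a private tab.
function findPrivateToRegularLeaks (store, origin, names) {
  return names.filter((name) => {
    store.set(origin, name, true, true)
    return store.get(origin, name, false) !== undefined
  })
}

const NAMES = ['runInsecureContent', 'noScript', 'flash'] // the three flagged in the thread
const ORIGIN = 'https://mixed-script.badssl.com' // origin from the repro steps
```
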
