Improve Tor2Web detection and handling

[zenmonkeykstop]

SecureDrop currently attempts to detect tor2web proxies using the X-tor2web header, displaying a warning and linking to a static page recommending the use of Tor Browser instead. Since this was implemented that header is no longer being set, meaning that tor2web users are not being warned. Some tor2web gateways also link to proxied versions of SecureDrop instances, which could result in search engine bots crawling said instances.

Given SecureDrop's basic requirement to preserve source anonymity, tor2web detection should be improved, and the warning replaced with a redirect to a dead-end static page that provides appropriate security guidance for potential sources.

Potential steps include:

• update tor2web detection response, replacing warning flash message with a redirect to a static page. #6291
• add robots.txt and a nofollow robots meta tag to dissuade legitimate crawlers from crawling tor2webb-ed instances #6292
• investigate and implement improvements to header-based tor2web detection for current active tor2web proxies #6293
• add Javascript code to SI index page to detect tor2web usage in non TBB browsers. #6294