Consider adding support for opening links in networked dvm

[eloquence]

When a source sends a URL that accompanies a submission, journalists may want to visit it securely.

Right now, URLs are rendered as plain-text, and the journalist has to manually copy and paste them into a secure environment, such as a networked disposable VM. This means we rely on the journalist/admin to prepare such a secure environment, which introduces a risk for security mistakes.

Some open questions to seed discussion, if we agree that this is a desirable feature in principle:

• Should a security warning be displayed the first time / every time?
• Should the link be opened in a networked disposable VM with Tor, or in a disposable VM without Tor? Or should both be available?
• If we use Tor Browser, can we rely on existing update mechanisms to keep it up-to-date?
• What, if any, mechanisms do we need to implement to guard against specific strategies for spoofing addresses (e.g. via homograph attacks), suspicious query strings, etc.?

[zenmonkeykstop]

Still a bit contentious, can be revisited once we get deeper into the client backlog

• want journo feedback as to how important it would be/ what they currently do
• could treat similarly to DZ/Signal, address via docs/KB first, then think about implementing as a workstation feature if needed.