freedomofpress / securedrop-client

a Qt-based GUI for SecureDrop journalists 📰🗞️
GNU Affero General Public License v3.0

Support viewing of html files #2008

Open philmcmahon opened 1 year ago

philmcmahon commented 1 year ago

When opening an HTML file in SecureDrop Workstation, the viewer VM opens with a message:

Denied: qubes.OpenInVM

Since this VM is offline, would it be safe to just open the file in a browser? If not, gedit would be better than failing entirely, perhaps with a helpful message "Opening HTML files in a browser is considered unsafe" or similar.

rocodes commented 1 year ago

Some options could include:

eaon commented 1 year ago

If we add Firefox to the mix of software we install into the large template, we would probably want to ship a hardened default profile as well. I'm thinking NoScript installed and enabled, maybe "blackholing" proxy settings to ensure that, even if a DispVM somehow ends up with a network connection, loading resources doesn't happen out of the gate.

I don't think I'm a fan of showing folks HTML in gedit/gnome-text-editor. I think if we wanted to do that, processing the file with html2text first would be better.
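
The following added example (not part of the thread and not SecureDrop code) shows the kind of preprocessing eaon's html2text suggestion implies, using Python's standard-library parser instead of html2text itself: it extracts readable text, drops script and style content, and lists referenced URLs without loading them. The names `TextOnly` and `html_to_text` and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

SKIP = {"script", "style", "noscript", "template"}  # content never shown
BLOCK = {"p", "div", "br", "li", "tr", "h1", "h2", "h3", "h4", "title"}  # end a line
URL_ATTRS = {"href", "src", "action", "data", "poster", "srcset"}  # name a resource

class TextOnly(HTMLParser):
    """Collect visible text and referenced URLs; nothing is fetched or executed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.urls, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in SKIP:
            self._skip += 1
        if tag in BLOCK:
            self.parts.append("\n")
        for name, value in attrs:
            if name in URL_ATTRS and value:
                # Record the reference so the reader can see it, but never load it.
                self.urls.append(f"{tag}[{name}] {value}")

    def handle_endtag(self, tag):
        if tag in SKIP and self._skip:
            self._skip -= 1
        if tag in BLOCK:
            self.parts.append("\n")

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def html_to_text(markup):
    """Return (text, urls) for an untrusted HTML string."""
    parser = TextOnly()
    parser.feed(markup)
    parser.close()  # flush any text still buffered by the parser
    lines = (" ".join(l.split()) for l in "".join(parser.parts).splitlines())
    return "\n".join(l for l in lines if l), parser.urls

# Constructed sample submission, not taken from the issue.
SAMPLE = """<html><head><title>Leak</title><script>fetch('http://tracker.invalid/x')</script></head>
<body><h1>Memo</h1><p>See <a href="http://example.invalid/doc">the doc</a> &amp; reply.</p>
<img src="http://tracker.invalid/pixel.gif"></body></html>"""

if __name__ == "__main__":
    print(*html_to_text(SAMPLE), sep="\n\nReferenced, not loaded: ")
```

The resulting text can be handed to a plain text editor, and the URL list tells the reader what a browser would have tried to contact.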

zenmonkeykstop commented 1 month ago

Moving to securedrop-client. As a first iteration we should open the HTML in a text editor (gedit or similar), punting on the browser question for now.