Reset identity via Torbutton both after using SecureDrop

[psivesely]

It would be good to instruct everyone accessing the SecureDrop web interface to reset their identity after visiting the page. Even though Tor Browser does isolate most of it's state between sites and closes the rendezvous point circuit to once you've navigated away from a site, it's probably safest to do things this way because not everything has been wiped from memory. For example, if you press ctrl+shift+t (on Linux) after closing a tab, Tor Browser will re-open it. So it would be best practice to reset identity after using SD if you wish to continue using Tor Browsers.

[garrettr]

@fowlslegs Either reset identity via TorButton, or just quit the browser (not just close the window) when they're done. Remember when bank and credit card processor websites would tell you to do that? That was so your session cookies would get cleared by the browser shutdown. It was always kind of stupid when they did it, but it makes more sense in our weird use case where cookies with Expires: might actually be more of a forensic risk than session cookies.

We could add a message encouraging either a reset or a full browser shutdown after a source logs out, which is being added in #1165.

As far as choosing between resetting identity or shutting the browser down, I'm not sure which is better. "Reset Identity" is a nicer user experience, IMO, since it brings that back into a "fresh" Tor Browser.