Security fixes
Upgrade Tor Browser to 7.5.5 (MFSA 2018-14; closes: #15643).
Upgrade Thunderbird to 52.8.0 (DSA-4209-1; Closes: #15607).
Upgrade cURL to 7.52.1-5+deb9u6 (DSA-4202-1).
Upgrade GnuPG (modern) 2.1.18-8~deb9u2 (DSA-4222-1).
Upgrade GnuPG (legacy) to 1.4.21-4+deb9u1 (DSA-4223-1).
Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4212-1).
Upgrade PackageKit to 1.1.5-2+deb9u1 (DSA-4207-1).
Upgrade procps to 2:3.3.12-3+deb9u1 (DSA-4208-1).
Upgrade wavpack to 5.0.0-2+deb9u2 (DSA-4197-1).
Upgrade wget to 1.18-5+deb9u2 (DSA-4195-1).
Upgrade xdg-utils to 1.1.1-1+deb9u1 (DSA-4211-1).
Bugfixes
Fix setting a screen locker password with non-ASCII characters
(Closes: #15636).
WhisperBack:
Minor improvements
The "Zero Trace Pen documentation" desktop launcher now opens /doc instead of
the aging /getting_started that confused people during user testing
(Closes: #15575).
Test suite
Update to match "Zero Trace Pen documentation" behaviour change.