Many add-ons have somewhat spookiy authorisation requirements, such as “access all of your activity”. In many cases this is justified by it’s function, and of course there isn’t any problem with it as long as we’re sure all this data stays on your computer and isn’t shared with any remote server. How are we sure of that tho? Is there an easy way to check for each add-on ?
Nope, it'd give details. Combing through and decrypting those details is another matter, though.
You can MITM yourself and setup your own CA, no?
If you so chose to, yep.