The script "principal" comes from the page origin, so in order to run privileged script the page itself needs to be in the signed archive. What you're trying to do simply won't work. It's been this way for a long time because the type of mixing you are trying to do led to security holes.
Although code-signing is still in the product it's never been an advertised Firefox feature (it was inherited from Netscape 6), and support will be removed in a future version. No date set, maybe next year.
What you should do instead is create a "JetPack" that will do whatever privileged operation you're trying to do. If you're OK with users having to say "OK" to a big ugly permission dialog then asking them to installa "restart-less" add-on one time shouldn't be a problem.
The obvious temptation is to inject an object or method into the page, but it would be more secure to listen for events instead. Most important would be to limit the effects of your add-on only to your own site(s) to prevent your users from being hacked when visiting malicious sites.