Is there a reason Firefox needs to have vulnerable insecure settings in the templates?

It resides in the user’s home directory (/home/user/.mozilla/firefox/).

It’s for this exact reason that it cannot just be set once in the template, because the template’s home directory is never shared with any AppVM based upon it.

You could, however, run the hardening utility on the template’s own home configuration and then copy or move that directory to a static read-only staging area, and then when starting an AppVM just move (copy-on-write) that directory into the local home directory, thus overlaying the default configuration. Each time you start an AppVM you would begin with the latest pre-configured settings for Firefox, and it would only take the time to clone that directory, not running the hardening utility.

EDIT:

You might find this thread interesting:

[Guide] Automatically install extensions and configure new (dispvm) hardened Firefox profiles with arkenfox user.js and policies
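
The staging approach described in the post above, sketched as an added example that is not part of the original post or of any Qubes tooling. The staging path `/opt/firefox-hardened`, the function name `seed_firefox_profile` and the `--run` switch are assumptions; the function is meant to run as the AppVM user at startup.

```shell
#!/bin/sh
# Added example, not from the original post.
# STAGING_DEFAULT is an assumed path for the read-only staging area.
STAGING_DEFAULT=/opt/firefox-hardened

# seed_firefox_profile [STAGING] [HOME_DIR]
# Overlays the staged, already-hardened configuration onto
# HOME_DIR/.mozilla/firefox without running the hardening utility again.
seed_firefox_profile() {
    staging=${1:-$STAGING_DEFAULT}
    home_dir=${2:-$HOME}
    dest="$home_dir/.mozilla/firefox"

    # The staging area must be a real directory, not a symlink to elsewhere.
    if [ -L "$staging" ] || [ ! -d "$staging" ]; then
        echo "staging area missing or a symlink: $staging" >&2
        return 1
    fi

    # Refuse staged settings that group or others could have modified.
    loose=$(find "$staging" ! -type l \( -perm -020 -o -perm -002 \) -print | head -n 1)
    if [ -n "$loose" ]; then
        echo "staged path is group/world-writable: $loose" >&2
        return 1
    fi

    mkdir -p "$dest" || return 1
    chmod 700 "$home_dir/.mozilla" "$dest" || return 1

    # Copy-on-write clone where the filesystem supports reflinks (GNU cp),
    # otherwise fall back to an ordinary recursive copy.
    cp -a --reflink=auto "$staging/." "$dest/" 2>/dev/null ||
        cp -R -p "$staging/." "$dest/" || return 1

    # Staged files are read-only; the working copy must be owner-writable.
    chmod -R u+rwX,go-rwx "$dest"
}

# Run only when asked, e.g. from a per-AppVM startup script: script.sh --run
if [ "${1:-}" = "--run" ]; then
    seed_firefox_profile
fi
```

Because the copy is an overlay, files already in the profile that the staging area does not contain are left in place, while staged files such as `user.js` replace their local counterparts on every start.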