[WebLayer] Embedders don't need a SecurityStateClient.

Before this change, the browser process would crash if the
SecurityStateClient wasn't set early in the startup path. This change
makes having a SecurityStateClient optional for the embedder and
defaults to the components logic to get security level.

Bug: 1052375
Change-Id: I7336e375908137aed3187debddd3860b7d657e0c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2162985
Commit-Queue: Mugdha Lakhani <nator@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#762035}

components/security_state/content/android/security_state_model_android.cc

@@ -24,13 +24,16 @@ jint JNI_SecurityStateModel_GetSecurityLevelForWebContents(
 
   security_state::SecurityStateClient* security_state_client =
       security_state::GetSecurityStateClient();
-  DCHECK(security_state_client);
 
+  // At this time, the usage of the client isn't mandatory as it is used only
+  // for optional overriding of default behavior.
+  if (security_state_client) {
     std::unique_ptr<SecurityStateModelDelegate> security_state_model_delegate =
         security_state_client->MaybeCreateSecurityStateModelDelegate();
 
     if (security_state_model_delegate)
       return security_state_model_delegate->GetSecurityLevel(web_contents);
+  }
 
   return security_state::GetSecurityLevel(
       *security_state::GetVisibleSecurityState(web_contents),