Use |IsOriginSecure| for mark-HTTP-nonsecure field trial

When the flag or field trial is set such that non-secure origins will be
marked as dubious/non-secure, use |IsOriginSecure| to determine whether
an origin is non-secure, instead of simply treating http:// and ftp://
as non-secure. This means that http://nytimes.com will be marked as
dubious/non-secure, but not http://localhost (for example).

BUG=487499
TEST=Enable the "Mark non-secure as non-secure" flag in
chrome://flags. Visit http://nytimes.com and observe that the lock icon
is red and crossed out. Visit an http:// URL on localhost and observe
that the lock icon is neutral.

Review URL: https://codereview.chromium.org/1143503003

Cr-Commit-Position: refs/heads/master@{#329774}

chrome/browser/ssl/connection_security_helper.cc

@@ -16,12 +16,12 @@
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/origin_util.h"
 #include "content/public/common/ssl_status.h"
 #include "net/base/net_util.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_connection_status_flags.h"
-#include "url/url_constants.h"
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
@@ -73,7 +73,7 @@ ConnectionSecurityHelper::GetSecurityLevelForWebContents(
 
     case content::SECURITY_STYLE_UNAUTHENTICATED: {
       const GURL& url = entry->GetURL();
-      if (url.SchemeIs(url::kHttpScheme) || url.SchemeIs(url::kFtpScheme))
+      if (!content::IsOriginSecure(url))
         return GetSecurityLevelForNonSecureFieldTrial();
       return NONE;
     }