Rework TransportSecurityPersister's data format.

In particular, separate out the HSTS and ExpectCT data tables
(addressing an old TODO) and switch from a dictionary of dictionaries
to a list of dictionaries, so that ExpectCT entries can be keyed on
NetworkIsolationKey in addition to domain hash in a followup CL.

The current plan is not to partition HSTS information by
NetworkIsolationKey, but this CL also switches it to using a list, to
be similar to the ExpectCT table.

This CL also adds a version number to the saved data format, and adds
an empty NetworkIsolationKey field to ExpectCT entries, so that entries
won't be lost when that field is added (though entries may be lost
when switching from an empty NIK to actually applying NIKs, which is
an issue for another day).

Bug: 969893
Change-Id: If723386b7ebc447ae78cb393b6b9d6719441759d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2216040
Commit-Queue: Matt Menke <mmenke@chromium.org>
Reviewed-by: Nick Harper <nharper@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#772952}

net/http/transport_security_persister.h

@@ -45,6 +45,7 @@
 
 namespace base {
 class SequencedTaskRunner;
+class Value;
 }
 
 namespace net {
@@ -107,20 +108,27 @@ class NET_EXPORT TransportSecurityPersister
   // Clears any existing non-static entries, and then re-populates
   // |transport_security_state_|.
   //
-  // Sets |*dirty| to true if the new state differs from the persisted
-  // state; false otherwise.
-  bool LoadEntries(const std::string& serialized, bool* dirty);
+  // Sets |*data_in_old_format| to true if the loaded data is in an older format
+  // and should be overwritten with data in the newest format.
+  bool LoadEntries(const std::string& serialized, bool* data_in_old_format);
 
  private:
   // Populates |state| from the JSON string |serialized|. Returns true if
   // all entries were parsed and deserialized correctly.
   //
-  // Sets |*dirty| to true if the new state differs from the persisted
-  // state; false otherwise.
+  // Sets |*data_in_old_format| to true if the old data is in the old file
+  // format and needs to be overwritten with data in the newer format; false
+  // otherwise.
   static bool Deserialize(const std::string& serialized,
-                          bool* dirty,
+                          bool* data_in_old_format,
                           TransportSecurityState* state);
 
+  // Used internally by Deserialize() to handle older dictionaries.
+  // TODO(https://crbug.com/1086975): This should be removed in Chrome 88.
+  static bool DeserializeObsoleteData(const base::Value& value,
+                                      bool* dirty,
+                                      TransportSecurityState* state);
+
   void CompleteLoad(const std::string& state);
   void OnWriteFinished(base::OnceClosure callback);