Add UseCounters for Symantec certs to be distrusted in M70

The old Symantec PKI will be fully distrusted in M70
(https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html). We
already have DevTools console messages in place for affected resources, and this
CL adds UseCounters so that we know how many page loads will be affected.

The counters give us:
- % of page visits with an affected main frame main resource
- % of page visits with an afected subframe main resource
- % of page visits with an affected subresource

Note that these buckets can overlap, for example a single page visit can
increment all 3 counters.

Bug: 853868
Change-Id: I7ae103efcc47a3e4e381b35c6803ef2d8ed4c7fb
Reviewed-on: https://chromium-review.googlesource.com/1107841
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#569282}

third_party/blink/public/platform/web_feature.mojom

@@ -1947,6 +1947,9 @@ enum WebFeature {
   kV8SpeechRecognitionEvent_Interpretation_AttributeGetter = 2481,
   kV8SpeechRecognitionEvent_Emma_AttributeGetter = 2482,
   kV8SpeechSynthesis_Speak_Method = 2483,
+  kLegacySymantecCertMainFrameResource = 2484,
+  kLegacySymantecCertInSubresource = 2485,
+  kLegacySymantecCertInSubframeMainResource = 2486,
 
   // Add new features immediately above this line. Don't change assigned
   // numbers of any item, and don't reuse removed slots.

third_party/blink/renderer/core/loader/document_loader.cc

@@ -1002,6 +1002,10 @@ void DocumentLoader::DidCommitNavigation(
   // Report legacy Symantec certificates after Page::DidCommitLoad, because the
   // latter clears the console.
   if (response_.IsLegacySymantecCert()) {
+    UseCounter::Count(
+        frame_, frame_->Tree().Parent()
+                    ? WebFeature::kLegacySymantecCertInSubframeMainResource
+                    : WebFeature::kLegacySymantecCertMainFrameResource);
     GetLocalFrameClient().ReportLegacySymantecCert(response_.Url(),
                                                    false /* did_fail */);
   }

third_party/blink/renderer/core/loader/frame_fetch_context.cc

@@ -138,6 +138,15 @@ void MaybeRecordCTPolicyComplianceUseCounter(
                 kCertificateTransparencyNonCompliantSubresourceInMainFrame);
 }
 
+void RecordLegacySymantecCertUseCounter(LocalFrame* frame,
+                                        Resource::Type resource_type) {
+  // Main resources are counted in DocumentLoader.
+  if (resource_type == Resource::kMainResource) {
+    return;
+  }
+  UseCounter::Count(frame, WebFeature::kLegacySymantecCertInSubresource);
+}
+
 // Determines FetchCacheMode for a main resource, or FetchCacheMode that is
 // corresponding to WebFrameLoadType.
 // TODO(toyoshim): Probably, we should split WebFrameLoadType to FetchCacheMode
@@ -596,6 +605,7 @@ void FrameFetchContext::DispatchDidReceiveResponse(
   }
 
   if (response.IsLegacySymantecCert()) {
+    RecordLegacySymantecCertUseCounter(GetFrame(), resource->GetType());
     GetLocalFrameClient()->ReportLegacySymantecCert(response.Url(),
                                                     false /* did_fail */);
   }

tools/metrics/histograms/enums.xml

@@ -19035,6 +19035,9 @@ Called by update_net_error_codes.py.-->
       label="V8SpeechRecognitionEvent_Interpretation_AttributeGetter"/>
   <int value="2482" label="V8SpeechRecognitionEvent_Emma_AttributeGetter"/>
   <int value="2483" label="V8SpeechSynthesis_Speak_Method"/>
+  <int value="2484" label="LegacySymantecCertMainFrameResource"/>
+  <int value="2485" label="LegacySymantecCertInSubresource"/>
+  <int value="2486" label="LegacySymantecCertInSubframeMainResource"/>
 </enum>
 
 <enum name="FeedbackSource">