[Web Payment] Do not update header view when aborting payment.

Before this patch, navigation to an insecure page would update the
header view and remove the header view at the same time, which could
result in a use-after-free.

This patch updates the header view only when not aborting payment.

After this patch, navigation to an insecure page will remove the header
view and not try updating it, thus avoiding the use-after-free.

Bug: 1114556
Change-Id: I946bed36433e3241c6c19c33d7be759ea23a1478
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2351959Reviewed-by: Liquan (Max) Gu <maxlg@chromium.org>
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#797294}

chrome/browser/ui/views/payments/payment_handler_web_flow_view_controller.cc

@@ -304,9 +304,11 @@ bool PaymentHandlerWebFlowViewController::
 void PaymentHandlerWebFlowViewController::VisibleSecurityStateChanged(
     content::WebContents* source) {
   DCHECK_EQ(source, web_contents());
-  UpdateHeaderView();
-  if (!SslValidityChecker::IsValidPageInPaymentHandlerWindow(source))
+  if (!SslValidityChecker::IsValidPageInPaymentHandlerWindow(source)) {
     AbortPayment();
+  } else {
+    UpdateHeaderView();
+  }
 }
 
 void PaymentHandlerWebFlowViewController::DidStartNavigation(