Add insecure-broken security state to the DevTools protocol

Security UX is experimenting with using a grey triangle warning for
non-secure site connections (crbug.com/997972). When this icon is
shown, DevTools Security panel's security overview should match the
state shown in the omnibox. This cl sets up this change by adding an
insecure-broken state, so that the following states can be distinguished:
- neutral (info icon)
- insecure HTTP
- insecure broken HTTPS

This change will also make the security state naming more intuitive, since
insecure HTTP can be marked as 'insecure' rather than 'neutral' as part
of a follow-up cl.

Temporarily disables a web test since fixing it requires a frontend
change, which is in a separate repo. This will be re-enabled in a
follow-up.

Bug: 1008218
Change-Id: I628f2fe1168dfeead7874e36b210bcc0396b6e8a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1874787
Commit-Queue: Livvie Lin <livvielin@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#709095}

content/browser/devtools/protocol/security_handler.cc

@@ -42,6 +42,8 @@ std::string SecurityStyleToProtocolSecurityState(
       return Security::SecurityStateEnum::Insecure;
     case blink::SecurityStyle::kSecure:
       return Security::SecurityStateEnum::Secure;
+    case blink::SecurityStyle::kInsecureBroken:
+      return Security::SecurityStateEnum::InsecureBroken;
     default:
       NOTREACHED();
       return Security::SecurityStateEnum::Unknown;

third_party/blink/public/common/security/security_style.h

@@ -11,7 +11,8 @@ enum class SecurityStyle {
   kNeutral,
   kInsecure,
   kSecure,
-  kLast = kSecure
+  kInsecureBroken,
+  kLast = kInsecureBroken
 };
 }  // namespace blink
 #endif  // THIRD_PARTY_BLINK_PUBLIC_COMMON_SECURITY_SECURITY_STYLE_H_"

third_party/blink/renderer/core/inspector/browser_protocol.pdl

@@ -6061,6 +6061,7 @@ domain Security
       insecure
       secure
       info
+      insecure-broken
 
   # Details about the security state of the page certificate.
   experimental type CertificateSecurityState extends object

third_party/blink/renderer/core/inspector/inspector_network_agent.cc

@@ -552,6 +552,9 @@ BuildObjectForResourceResponse(const ResourceResponse& response,
     case SecurityStyle::kSecure:
       security_state = protocol::Security::SecurityStateEnum::Secure;
       break;
+    case SecurityStyle::kInsecureBroken:
+      security_state = protocol::Security::SecurityStateEnum::InsecureBroken;
+      break;
   }
 
   // Use mime type from cached resource in case the one in response is empty.

third_party/blink/web_tests/TestExpectations

@@ -5718,3 +5718,6 @@ crbug.com/1016804 external/wpt/css/css-grid/layout-algorithm/grid-flex-track-int
 
 # Sheriff 2019-10-24
 crbug.com/1017626 [ Linux ] external/wpt/compat/idlharness.window.html [ Pass Timeout ]
+
+# DevTools Security Panel (disabled temporarily as part of workflow)
+crbug.com/1008218 http/tests/devtools/security/security-state-comparator.js [ Failure ]