Introduce browser-side plumbing for sending the lock icon status to DevTools.

content/public/common/security_style.h

Index: content/public/common/security_style.h
diff --git a/content/public/common/security_style.h b/content/public/common/security_style.h
index 94cd0ed99d9eaee70cb84135ae0f95f6f24f1f3f..279a7c6238430d389b184eff3bc8f4e72b7bd821 100644
--- a/content/public/common/security_style.h
+++ b/content/public/common/security_style.h
@@ -28,6 +28,11 @@ enum SecurityStyle {
   // this object in an authenticated manner but were unable to do so.
   SECURITY_STYLE_AUTHENTICATION_BROKEN,
 
+  // SECURITY_STYLE_WARNING is a higher-level state that means that the object
+  // was retrieved in an authenticated manner, but there were security issues
+  // with the retrieval or the object interacted with less secure objects.

[Ryan Sleevi, 2015/06/03 23:43:52]

comment nit: I'm not sure what "higher-level state" is supposed to mean here?

If you drop "is a higher-level state that" from the comment, I think it's fine
and would resolve my unease at a possible layering issue in the comment.

(The reason I don't think this concept is itself a layering issue would because
Mike's current mixedcontent spec details "deprecated TLS-protection" to cover
this phase)

[lgarron, 2015/06/04 00:26:35]

Done.

(Thanks for the "deprecated TLS-protection" terminology.)

+  SECURITY_STYLE_WARNING,
+
   // SECURITY_STYLE_AUTHENTICATED indicates that we successfully retrieved this
   // object over an authenticated protocol, such as HTTPS.
   SECURITY_STYLE_AUTHENTICATED,