Add Expect CT policy that gets checked on all certs

net/cert/ct_policy_status.h

Index: net/cert/ct_policy_status.h
diff --git a/net/cert/ct_policy_status.h b/net/cert/ct_policy_status.h
index e234cb73914e3358d13f9598fda2de79e5815e7e..cc38585d6faf7769e4785a63800f1b2cee5524d1 100644
--- a/net/cert/ct_policy_status.h
+++ b/net/cert/ct_policy_status.h
@@ -9,11 +9,28 @@ namespace net {
 
 namespace ct {
 
+// Information about the connection's compliance with the CT
+// certificate policy.
+enum class CertPolicyCompliance {
+  // The connection complied with the certificate policy by
+  // including SCTs that satisfy the policy.
+  CERT_POLICY_COMPLIES_VIA_SCTS = 0,
+  // The connection did not have enough SCTs to comply.
+  CERT_POLICY_NOT_ENOUGH_SCTS,
+  // The connection did not have diverse enough SCTs to comply.
+  CERT_POLICY_NOT_DIVERSE_SCTS,
+  // The connection cannot be considered compliant because the build
+  // isn't timely and therefore log information might be out of date
+  // (for example a log might no longer be considered trustworthy).
+  CERT_POLICY_BUILD_NOT_TIMELY,
+};
+
 // Information about a connection's compliance with the CT EV
 // certificate policy.
+// This enum is histogrammed, so do not remove or reorder values.
 enum class EVPolicyCompliance {
   // The certificate was not EV, so the EV policy doesn't apply.
-  EV_POLICY_DOES_NOT_APPLY,
+  EV_POLICY_DOES_NOT_APPLY = 0,
   // The connection complied with the EV certificate policy by being
   // included on the EV whitelist.
   EV_POLICY_COMPLIES_VIA_WHITELIST,
@@ -30,6 +47,7 @@ enum class EVPolicyCompliance {
   // isn't timely and therefore log information might be out of date
   // (for example a log might no longer be considered trustworthy).
   EV_POLICY_BUILD_NOT_TIMELY,
+  EV_POLICY_MAX,
 };
 
 }  // namespace ct