Make form-not-secure controllable as its own separate Finch feature

components/security_state/core/security_state.h

Index: components/security_state/core/security_state.h
diff --git a/components/security_state/core/security_state.h b/components/security_state/core/security_state.h
index c7d36a6cb81f0fb02712035d46a2c2a20869eee5..a6b79e822a907890412e0aec74b720a464894bd0 100644
--- a/components/security_state/core/security_state.h
+++ b/components/security_state/core/security_state.h
@@ -9,6 +9,7 @@
 #include <memory>
 
 #include "base/callback.h"
+#include "base/feature_list.h"
 #include "base/macros.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/sct_status_flags.h"
@@ -24,6 +25,10 @@
 // the form of a VisibleSecurityState struct.
 namespace security_state {
 
+// A feature for showing a warning in autofill dropdowns for password
+// and credit cards fields when the top-level page is not HTTPS.
+extern const base::Feature kHttpFormWarningFeature;
+
 // Describes the overall security state of the page.
 //
 // If you reorder, add, or delete values from this enum, you must also
@@ -216,6 +221,11 @@ void GetSecurityInfo(
     IsOriginSecureCallback is_origin_secure_callback,
     SecurityInfo* result);
 
+// Returns true if an experimental form warning UI about HTTP passwords
+// and credit cards is enabled. This warning UI can be enabled with the
+// |kHttpFormWarningFeature| feature.
+bool IsHttpWarningInFormEnabled();
+
 }  // namespace security_state
 
 #endif  // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_