[webcrypto] Only allow crypto.subtle.* to be used from "secure origins".

Source/platform/weborigin/SecurityOrigin.h

Index: Source/platform/weborigin/SecurityOrigin.h
diff --git a/Source/platform/weborigin/SecurityOrigin.h b/Source/platform/weborigin/SecurityOrigin.h
index b43766449a1e9bd62f1a6648c8a8731bc0312ca3..9b903ad7dfad751f3c561b1ab6519bd8344daedb 100644
--- a/Source/platform/weborigin/SecurityOrigin.h
+++ b/Source/platform/weborigin/SecurityOrigin.h
@@ -113,6 +113,13 @@ public:
     // display content from the user's files system.
     bool canDisplay(const KURL&) const;
 
+    // A "secure origin" as defined by [1] are those that load resources either
+    // from the local machine (necessarily trusted) or over the network from a
+    // cryptographically-authenticated server.
+    //
+    // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure-
+    bool canAccessFeatureRequiringSecureOrigin() const;
+
     // Returns true if this SecurityOrigin can load local resources, such
     // as images, iframes, and style sheets, and can link to local URLs.
     // For example, call this function before creating an iframe to a
@@ -131,7 +138,7 @@ public:
     //       with older versions of WebKit.
     void grantLoadLocalResources();
 
-    // Explicitly grant the ability to access very other SecurityOrigin.
+    // Explicitly grant the ability to access every other SecurityOrigin.
     //
     // WARNING: This is an extremely powerful ability. Use with caution!
     void grantUniversalAccess();
@@ -154,6 +161,9 @@ public:
     // resources, and can set arbitrary headers on XMLHttpRequests.
     bool isLocal() const;
 
+    // Returns true if the host is one of 127.0.0.1/8, ::1/128, or "localhost".
+    bool isLocalhost() const;
+
     // The origin is a globally unique identifier assigned when the Document is
     // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin
     //