Stop blocking 'http://127.0.0.1/' as mixed content.

Currently, mixed content checks block http://127.0.0.1 from loading in a
page delivered over TLS. I'm (belatedly) coming around to the idea that
that restriction does more harm than good. In particular, I'll note that
folks are installing new trusted roots and self-signing certs for that
IP address, exposing themselves to additional risk for minimal benefit.
Helpful locally installed software is doing the same, with even more
associated risk.

This patch aligns our mixed content checks with the Secure Contexts
notion of "potentially trustworthy", allowing 'http://127.0.0.1'
accordingly.

BUG=607878
R=estark@chromium.org,rsleevi@chromium.org

Review-Url: https://codereview.chromium.org/1931063004
Cr-Commit-Position: refs/heads/master@{#401363}
103 files changed