[Windows Sandbox] MS-signed binaries only, post-startup.

Enable MITIGATION_FORCE_MS_SIGNED_BINS post-startup (after warmup) on
all sandboxed child processes.  Any third-party modules must be loaded
at process startup.

Also includes a temporary emergency off switch. "WinSboxForceMsSigned" can be used on the command line to disable the block.

(Aside: this CL also removes the old emergency off switch around MITIGATION_EXTENSION_POINT_DISABLE - for child processes.)

TEST= sbox_integration_tests.exe, ProcessMitigationsTest.*
BUG=750886

Change-Id: I638aebade28ff42743b07d885dff8230a1e25c49
Reviewed-on: https://chromium-review.googlesource.com/596677
Commit-Queue: Penny MacNeil <pennymac@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#492495}
3 files changed