Decide what to do with data: and ftp:// URLs in new HTTP-bad experiments
Issue description
If http pages can be downgraded to DANGEROUS, should we downgrade ftp:// and data: as well?
Jan 30 2018
Same with blob: and filesystem:, too. Do we want to show HTTP_SHOW_WARNING on all blob: and filesystem: URLs like we do with all HTTP pages?
Apr 26 2018
Bumping up priority as we need to decide what to do about blob: for M68. For filesystem:, if I'm reading the code correctly we treat it as secure if the inner origin is secure and nonsecure otherwise, which seems right.
Apr 30 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6e1d57f49ebbf3293fbd47f6bfa8083197c36d34

commit 6e1d57f49ebbf3293fbd47f6bfa8083197c36d34
Author: Emily Stark <estark@google.com>
Date: Mon Apr 30 15:36:05 2018

Handle blob URLs correctly for HTTP-Bad

Previously, we were treating all blob: URLs as nonsecure for the purposes of HTTP-Bad: namely, all blob: URLs would get a security level of HTTP_SHOW_WARNING. Instead, we now use the origin of the blob: URL to determine whether the security level should be HTTP_SHOW_WARNING (for nonsecure origins) or NONE (for secure origins).

Bug: 797533
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: I5400aaad91b55c3330d01c43bba5056b7351f723
Reviewed-on: https://chromium-review.googlesource.com/1031529
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554759}

[modify] https://crrev.com/6e1d57f49ebbf3293fbd47f6bfa8083197c36d34/chrome/browser/ssl/security_state_tab_helper_browsertest.cc
[modify] https://crrev.com/6e1d57f49ebbf3293fbd47f6bfa8083197c36d34/components/security_state/core/security_state.cc
[modify] https://crrev.com/6e1d57f49ebbf3293fbd47f6bfa8083197c36d34/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter
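
The before/after behaviour described in the commit message above, as an added sketch that is not Chromium's code and not part of the original thread. The function names and sample URLs are constructed for illustration, and "secure origin" is simplified to an https: inner origin; only the two level names come from the commit message.

```javascript
// Added sketch, not Chromium's security_state.cc. Level names come from the
// commit message; "secure" is simplified to an https: inner origin.
const HTTP_SHOW_WARNING = 'HTTP_SHOW_WARNING';
const NONE = 'NONE';

// Constructed sample URLs (the UUID is made up).
const SAMPLES = [
  'blob:https://example.com/6f1c2b9e-0000-4000-8000-000000000001',
  'blob:http://example.com/6f1c2b9e-0000-4000-8000-000000000001',
  'filesystem:https://example.com/temporary/report.html',
  'blob:null/6f1c2b9e-0000-4000-8000-000000000001',
  'http://example.com/',
];

// After the commit: a blob: URL takes the level of its origin.
// filesystem: follows its inner origin, as the Apr 26 comment describes.
// Returns null for schemes this sketch does not model (https:, data:, ftp:).
function levelAfter(raw) {
  const url = new URL(raw);
  if (url.protocol === 'http:') return HTTP_SHOW_WARNING;
  if (url.protocol !== 'blob:' && url.protocol !== 'filesystem:') return null;
  let inner;
  try {
    // For these schemes the parser leaves the wrapped URL in pathname.
    inner = new URL(url.pathname);
  } catch {
    // Assumption: no parseable inner origin (blob:null/...) counts as nonsecure.
    return HTTP_SHOW_WARNING;
  }
  return inner.protocol === 'https:' ? NONE : HTTP_SHOW_WARNING;
}

// Before the commit: every blob: URL was nonsecure, whatever its origin.
// Nothing else changed, so other schemes defer to levelAfter.
function levelBefore(raw) {
  if (new URL(raw).protocol === 'blob:') return HTTP_SHOW_WARNING;
  return levelAfter(raw);
}

for (const u of SAMPLES) {
  console.log(u, '| before:', levelBefore(u), '| after:', levelAfter(u));
}
```

Only the first sample changes level between the two functions, which is the case the commit fixes.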
Comment 1 by est...@chromium.org, Dec 24 2017