Add --ignore-certificate-errors-spki-list switch and UMA histogram.

The switch takes a comma-separated list of base64-encoded, SHA-256
subject public key hashes. If any of the certs presented by the
server match a hash from the list, certificate verification is
skipped, in order to ignore certificate errors.

Presence of the flag is counted in a UMA histogram.

This should allow us to remove the more blunt
--ignore-certificate-errors switch eventually.

Cr-Commit-Position: refs/heads/master@{#474021}
11 files changed