hosts as exempt from Certificate Transparency policy.

This introduces a policy
(CertificateTransparencyEnforcementDisabledForUrls) that
allows exempting certain hostnames from the Certificate
Transparency requirements. Some CAs, such as Symantec and
CNNIC at present, are required to disclose their
certificates via CT in order to have them trusted; any
certificate not disclosed is not trusted.

However, to accomodate some enterprise users who have the
capability to manage Chromium consumers, but cannot
manage other certificate-consuming systems on their
network, and which need certificates from these CAs, and
which claim that they cannot have these hosts disclosed
publicly (e.g. "topsecret.internal.example.com"), this
provides a policy mechanism to allow those hosts to be
exempted from CT requirement.

This is not a blanket policy for general hosts on the
Internet; in general, all certificates from these CAs
must conform, unless the device is enterprise managed.

Whether or not this policy ends up being temporary or not
depends on the IETF and CA community, and whether or not
a suitable technical means of redaction can be devised
which allows redaction (e.g. "?.?.example.com") to be
safely performed. For now and the foreseeable future,
redaction is not viable for Chromium, so the enterprise
policy is offered as an alternative.

BUG=620178
TBR=atwilson@chromium.org

Review-Url: https://codereview.chromium.org/2102783003
Cr-Commit-Position: refs/heads/master@{#403125}