Bug 1714582: Ensure that cert error overrides do not mistakenly flag a connection as secure; r=geckoview-reviewers,owlish

Two issues:

1. We were missing the `originAttributes` argument to `nsICertOverrideService.hasMatchingOverride`.
2. If the override *does* exist, we should flagging it as insecure.

I also enhanced a test to check this.

Differential Revision: https://phabricator.services.mozilla.com/D121009

mobile/android/geckoview/src/androidTest/java/org/mozilla/geckoview/test/NavigationDelegateTest.kt

@@ -254,6 +254,13 @@ class NavigationDelegateTest : BaseSessionTest() {
                     }
 
                     @AssertCalled(count = 1, order = [2])
+                    override fun onSecurityChange(session: GeckoSession,
+                                                  securityInfo: GeckoSession.ProgressDelegate.SecurityInformation) {
+                        assertThat("Should be exception", securityInfo.isException, equalTo(true))
+                        assertThat("Should not be secure", securityInfo.isSecure, equalTo(false))
+                    }
+
+                    @AssertCalled(count = 1, order = [3])
                     override fun onPageStop(session: GeckoSession, success: Boolean) {
                         assertThat("Load should succeed", success, equalTo(true))
                         sessionRule.removeAllCertOverrides()

mobile/android/modules/geckoview/GeckoViewProgress.jsm

@@ -153,10 +153,15 @@ var IdentityHandler = {
       result.securityException = OverrideService.hasMatchingOverride(
         uri.host,
         uri.port,
+        {},
         cert,
         {},
         {}
       );
+
+      // If an override exists, the connection is being allowed but should not
+      // be considered secure.
+      result.secure = !result.securityException;
     } catch (e) {}
 
     return result;