Omit cookies when uploading certificate reports over HTTP
Invalid certificate reports go to Safe Browsing servers, so they should
contain cookies when possible: that is, we want to send them when
uploading the report over HTTPS, but we don't want to send the cookies
in the clear when uploading over HTTP.
Note: once BoringSSL is supported on all platforms, we will start
sending encrypted reports over HTTP always, and so the cookie-preference
code will be able to go away.
BUG=482724
Review URL: https://codereview.chromium.org/
1126653002
Cr-Commit-Position: refs/heads/master@{#328216}