Indicate insecure connections instead of secure connections by default

[johannhof]

As mentioned on Slack, these are some ideas that are floating around the Security UI team right now, but obviously it's not possible to implement them in Firefox short-term. Would be cool to see someone try it out.

• do not indicate secure connections anymore, but assume https as default and show only the domain name
• strongly indicate http-only and active mixed content pages in the urlbar/titlebar as broken

This would hopefully support the trend of everyone slowly moving off HTTP and towards HTTPS by default.

Also, this one might be a bit harder to do:

• find a way to clearly but subtly show that this domain was visited already or is in another way "verified" (maybe a heuristic mix of already visited, https, EV, alexa rank and blacklisting)

[Gozala]

@patrykadas Do you have some ideas in this regard ?