Treat `http://localhost` as a secure context

DRANK

Developers generally expect `http://localhost` to have the same transport security characteristics as TLS, as it should resolve to a loopback address, and will therefore never hit the network. Chrome will ensure that this expectation is accurate by implementing and carves out `http://localhost` accordingly.