Get tails.boum.org on the Chrome HSTS preload list

The preload list form Chrome is based on HSTS, and available in full here:

https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json

They pin their CA but not their public key directly.

They have a dedicated site to request for inclusion:

https://hstspreload.appspot.com/

I’m not sure we could apply according to “Serve all subdomains over
HTTPS”. Sure “tails.boum.org” serves everything as HTTPS and
“dl.amnesia.boum.org” is not a subdomain of “tails.boum.org”. But the
cert is issued to “boum.org”, which doesn’t comply with this rule.

mayfirst.org is in there so we might as well ask dkg for more details.

Parent Task: #8191 (closed)

Related issues

Related to #9796 (closed)
Blocked by #8192 (closed)

Original created by @sajolida on 9102 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information