[scanner integration] Show moderate warning on directory entry page for landing pages hosted on subdomain

[eloquence]

Per epic #488, we should show a warning of type "moderate" for instances hosted on a subdomain.

It may be necessary to support whitelisting of instances, in cases where this doesn't really apply because the domain name is a dead giveaway (leaknow.leakleakleak.org), or where folks have found reasonable workarounds to protect privacy (neutral naming of subdomain and use for other purposes).

Proposed warning text (see #514 for boilerplate):

This SecureDrop landing page is hosted on a subdomain, "<subdomain>", which is unencrypted metadata that may be monitored.

[eloquence]

As of today, this impacts nearly half the landing pages in the directory, 18 of 40. Of those 18, 11 are clearly problematic (subdomains like securedrop, contact or newstips). Significant outreach required prior to activating this warning.

[conorsch]

Fortunately, with the Chrome HTTP insecure warning updates, we've seen great adoption of HTTPS site-wide for most news orgs—so the historical blockers for hosting landing pages on primary domain routes may be largely resolved for many orgs. Check out the latest STN data:

Completely agree that meticulous outreach is required before we go public with the warning.

[eloquence]

This is done in current master (behind flag), further tweaks will be tracked through separate issues.