Invalid onion sites are shown as secure in the page info window

STR:

  1. Open an invalid onion site
  2. Open the identity panel
  3. Click on connection failure
  4. Notice it says that the connection is not secure in the site information
  5. Click on more information
  6. Notice that the page info window says the connection is secured

I think the problem is that in browser/base/content/pageinfo/security.js we only check if the domain ends in .onion, without checking anything else.

Edited by Pier Angelo Vendrame
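
A simplified model of the failure mode the report suspects, added here as an illustration; it is not Tor Browser's code. The function names and the fields of the `conn` object (`host`, `loadFailed`, `circuitOk`) are hypothetical, and the sample hostnames are constructed.

```javascript
// Hypothetical model, not the contents of security.js.
// `conn` is a constructed stand-in for what the browser knows about a load:
//   host       - hostname of the page
//   loadFailed - true when the document shown is a connection-error page
//   circuitOk  - true when a connection to the onion service was established

function isOnionHost(host) {
  // Normalise case and a trailing root dot before comparing the suffix.
  const h = host.toLowerCase().replace(/\.$/, "");
  return h.endsWith(".onion");
}

// Suffix-only decision: the hostname alone marks the connection as secured,
// so an error page for an invalid .onion address still gets the label.
function onionSecuredSuffixOnly(conn) {
  return isOnionHost(conn.host);
}

// State-aware decision: the hostname only selects the onion code path;
// the label also requires that the load succeeded over a real connection.
function onionSecuredChecked(conn) {
  return isOnionHost(conn.host) && !conn.loadFailed && conn.circuitOk;
}

// Constructed sample states.
const samples = [
  { host: "validexample.onion", loadFailed: false, circuitOk: true },
  { host: "invalidexample.onion", loadFailed: true, circuitOk: false },
  { host: "INVALIDEXAMPLE.ONION.", loadFailed: true, circuitOk: false },
];

for (const s of samples) {
  console.log(
    s.host,
    "suffix-only:", onionSecuredSuffixOnly(s),
    "checked:", onionSecuredChecked(s)
  );
}
```

The two functions agree on the reachable service and disagree on the failed loads, which is the mismatch between the identity panel and the page info window described in the steps above.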