certificate manager: Disable export option for TPM-backed certs.

chrome/browser/ui/webui/options2/certificate_manager_handler2.cc

Index: chrome/browser/ui/webui/options2/certificate_manager_handler2.cc
diff --git a/chrome/browser/ui/webui/options2/certificate_manager_handler2.cc b/chrome/browser/ui/webui/options2/certificate_manager_handler2.cc
index ea1c9c5aa7a894b46d5d7973e2b3e05ff4dbc4e0..a8ed12492e6d94f9de29b9e783901f4990beecb3 100644
--- a/chrome/browser/ui/webui/options2/certificate_manager_handler2.cc
+++ b/chrome/browser/ui/webui/options2/certificate_manager_handler2.cc
@@ -976,6 +976,9 @@ void CertificateManagerHandler::PopulateTree(const std::string& tab_name,
         cert_dict->SetBoolean(
             kUntrustedId,
             certificate_manager_model_->cert_db().IsUntrusted(cert));
+        // TODO(hshi): This should be determined by testing for PKCS #11
+        // CKA_EXTRACTABLE attribute. We may need to use the NSS function
+        // PK11_ReadRawAttribute to do that.
         cert_dict->SetBoolean(
             kExtractableId,
             !certificate_manager_model_->IsHardwareBacked(cert));