SRI allows one to specify multiple hashes. In other words, to prevent this particular mismatch, one could include the hash of the new resource as well as the previous valid hash.
The HTTP 2.0 spec[1] mentions "Implementations of HTTP/2 MUST support TLS 1.2 and it appears Chrome will implement HTTP/2 via TLS only (http://volgarev.me/blog/75094931827).
ds9, yes, "site certs the browser doesn't trust a CA for" is more accurate. You can find the exact details of HSTS and self-signed certs in the draft in section 11.3[1]. I've updated the post to hopefully be more clear.