Make secureGitUrl() warn for insecure Urls

[sth]

This is an updated version of #4809. It is rebased to current master and has some new tests added that verify the behavior of the modified secureGitUrl() function.

Summary
secureGitUrl() tries to make sure that we use secure URLs. It currently behaves inconsistently, like allowing plain http download without any warnings or raising SecurityError if a repository doesn't exist. See #4307 for details.

Main changes in behavior with this pull request:

• Insecure http: and git: URLs are handled consistently:
  • Plain http: URLs without a commit hash now report a warning. Previously they were silently accepted.
  • Plain git: URLs without a commit hash now no longer raise a SecurityError. Instead they report a warning.
• Non-existing or otherwise inaccessible repositories now no longer raise SecurityError. Previously this happend in some cases, leading to very confusing error messages.

For more context/rational see #4307 and the test cases in this pull request.

[buildsize]

This change will decrease the build size from 10.51 MB to 10.51 MB, a decrease of 1.59 KB (0%)

File name	Previous Size	New Size	Change
yarn-[version].noarch.rpm	910.44 KB	910.27 KB	-174 bytes (0%)
yarn-[version].js	3.96 MB	3.96 MB	-574 bytes (0%)
yarn-legacy-[version].js	4.11 MB	4.11 MB	-574 bytes (0%)
yarn-v[version].tar.gz	915.84 KB	915.73 KB	-113 bytes (0%)
yarn_[version]all.deb	676.22 KB	676.03 KB	-192 bytes (0%)

[arcanis]

A bit late, but this looks good! Thanks @sth! 🙂