Warn dataset owners when dataset resources are HTTP; replace with HTTPS if not 404

[mogul]

User Story

In order to maintain trust and accessibility of datasets we index (by preventing browser warnings), we want to ensure catalog.data.gov doesn't generate mixed http/https content.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

• GIVEN a harvest source includes an http:// link
  AND there is an equivalent https:// link that doesn't error
  WHEN a harvest of that data source happens
  THEN a warning about the HTTP link is generated in the harvest report
  AND the HTTPS link is the one that's recorded.
• GIVEN a harvest source includes an http:// link
  AND there is NO equivalent https:// link that doesn't error
  WHEN a harvest of that data source happens
  THEN a warning about the HTTP link is generated in the harvest report
  AND the HTTP link should not be recorded.
• The next Nessus scan of our services should not present any findings about mixed content

Background

https://blog.chromium.org/2020/02/protecting-users-from-insecure.html

Lynda reported this.
https://catalog.data.gov/dataset/fws-critical-habitat-for-threatened-and-endangered-species-datasetd55fc
Links to http resources, and chrome (and other modern web browsers) will block these downloads.

Example of the problem (at the time of issue creation):
http://ecos.fws.gov/docs/crithab/crithab_all/crithab_all_layers.zip
http://ecos.fws.gov/docs/crithab/crithab_all/crithab_all_shapefiles.zip

Security Considerations (required)

This change prevents catalog.data.gov from ever presenting mixed-content.

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]
Note the upstream issue we filed.

[jbrown-xentity]

Related to #3974 and #3476

[hkdctol]

Archiving for now

[jbrown-xentity]

Planning to implement this as a warning in the Harvesting 2.0 process. Will be an improvement for data providers.