Shapeshifter library should refuse unencrypted http connections (only allow https)

[eelcodenheijer]

Description

The shapeshifter library will send a flex message to any endpoint (http or https), whereas the specification states that only encrypted communication should be allowed.

Fix

We should add a check before setting up a connection, that verifies whether

1. the endpoint uses https; if the endpoint is http then an exception should be thrown.
2. the endpoint URL either contains no port, or contains port 443

[tomwetjens]

Discussed in the TSC meeting: default should be block it, but opt-in http for local development for example.
Also port doesn't say anything. Just require the 'https' scheme should be sufficient.