bootstrap: Use https by default for source tarballs
Download via https from a mirror we've set up on github. This should
mean fewer CI build failures due to hitting a bad mirror (the CI will
already fail already if github is down), and using https is less likely
to hit issues with firewalls and ISPs interfering with downloads, and
also preserves user privacy a little more.
You can now run ./bootstrap --http to request use of http: URLs (where
available - for "file" there doesn't seem to be an http: download, and
http: mirror URLs might redirect to https:. As before, --ftp will use
ftp: URLs where they are still available).
We've always checked cryptographic hashes of the tarballs, so this
makes little difference to security.