Add setting to disallow insecure transports

Background

For GNOME, we should have a setting to disable all insecure transports. http://, ftp://, git:// etc. Basically, anything that is not https:// should fail. Ideally BuildStream would notice when beginning a build that an insecure URL has been added to the project and refuse to build anything, but it's fine as long as it fails at some point.

It should apply cross-junction, so e.g. if the freedesktop SDK adds an element that uses a http:// URI, that should fail rather than downloading anything via http://.

Task description

[ ] Action 1
[ ] Action 2
[ ] Action 3

Acceptance Criteria

Should be able to add a setting to project.refs to disable insecure transports

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information