Add setting to disallow insecure transports
Background
For GNOME, we should have a setting to disable all insecure transports. http://, ftp://, git:// etc. Basically, anything that is not https:// should fail. Ideally BuildStream would notice when beginning a build that an insecure URL has been added to the project and refuse to build anything, but it's fine as long as it fails at some point.
It should apply cross-junction, so e.g. if the freedesktop SDK adds an element that uses a http:// URI, that should fail rather than downloading anything via http://.
Task description
- [ ] Action 1
- [ ] Action 2
- [ ] Action 3
Acceptance Criteria
Should be able to add a setting to project.refs to disable insecure transports