block all SSH connections for VCS, for usabililty and security

If we allow SSH, then we'd have to manage known_hosts.

All VCS and submodule URLs should use HTTPS.  SSH URLs have security vulns:

I did a manual scan of the setup on to see if I could
find any suspicious URLs.  Looks good so far.  This is what I used:

find . -type f -print0 |xargs -0 grep -Eo 'ssh[:+][svn/]+...................'
find . -type f -print0 |xargs -0 grep -Eo 'ssh://-[^ "]+'

Also, some ssh://_ URLs in submodules might still work, because of the URL
rewriting in fdbfb4d1.  But https://-oProxyCommand=pwnme does not really do
anything, unlike ssh://-oProxyCommand=pwnme
2 jobs for CVE-2017-1000117 in 51 minutes and 57 seconds (queued for 3 minutes and 21 seconds)
Status Job ID Name Coverage
passed #43080764


passed #43080763