SECURITY: odoo-rpc-client >= 1.0.0 use http even when https is requested

I've been using odoo-rpc-client and openerp_proxy for many years. However, since the release of 1.1.0 connections via xml-rpcs / https are failing. This used to work just fine until commit

commit 775ea3ebdc0a6b857920948ce7da9f1c9f73471b
Author: Dmytro Katyukha 
Date:   Tue Dec 4 00:13:53 2018 +0200

    Added support of timeouts

which started to wrap the xmlrcp.client.Transport into a _TimeoutTransport class. However, the upstream xmlrpc.client actually uses xmlrcp.client.Transport only for http, while it uses xmlrpc.client.SafeTransport for https.

By overriding/wrapping the Transport in _TimeoutTransport, https support (working < 1.0.0) was rendered broken.

Anyone having credentials (e.g. http basic auth) in their requests now had those credentials leaked without any ssl/tls encryption!