Require HTTPS (no HTTP) when externalURL has scheme HTTPS

Created by: beyang

Issue 1: Sourcegraph still permits HTTP requests when externalURL is configured to be HTTPS. Typically, this is not an issue, because the instance is only accessible at externalURL and the site admin configures firewall issues that block access over HTTP. However, if an alternate URL provides access to Sourcegraph over HTTP, Sourcegraph will still respond to those requests. CSRF failures will occur at the HTTP URL, because we use secure cookies when HTTPS is configured, and so those secure cookies never get set by the browser for the HTTP URL. This leads to the opaque error "Error: Forbidden - CSRF token invalid".

Proposed solution: Display an always-visible warning in the frontend when externalURL is HTTPS, but Sourcegraph frontend finds itself at a vanilla HTTP URL. We do not want to enforce this on the backend, because we do not know what kind of proxies stand in between Sourcegraph and the browser; some setups might want Sourcegraph to serve HTTP requests to a reverse proxy, which then exposes HTTPS to end-users. We do not want to restrict access to Sourcegraph entirely, so the user can still access the UI to figure out what the externalURL actually is.

Issue 2: Display a more helpful error message when user signup (with builtin authentication) fails. Suggest possible course of actions: (1) Log in with the site admin credentials, (2) create a fresh instance. This is helpful when the site admin forgets they earlier created the initial account or when Sourcegraph setup responsibility is passed to another person early on in the setup process and that new teammate is unaware that an initial account already exists.