Fix #2

This fixes #2 (closed) by tweaking scripts/head.hackage in two ways:

1. This changes the script to use cabal new-update head.hackage.ghc.haskell.org, not cabal new-update head.hackage, since the former is now the name of the repository. Since head.hackage.ghc.haskell.org is referred to in quite a few places in the script, I factored this out into its own variable.
2. This changes the url to use http://, not https://, so that http-transport: plain-http works properly. An alternative would be to keep the use of https:// and use http-transport: curl instead, but that assumes the existence of a curl binary on one's machine, making it a less portable solution. In any case, the use of http:// in this script shouldn't pose any security issues, since hackage-security already introduces a security layer independent of CAs.