The initial patch would always try to use HTTPS, even when the repo
specified to use HTTP. This works for the central community hackage
but obviously does not work in general.

The new logic is that we always follow what is specified for the
remote repo in the config, except for built-in known repos (currently
just the central community hackage) where we mark them as also
supporting https. For upload when uploading to such a marked repo
then we will try https and will complain if the plain-http impl was
selected automatically (but it's ok if selected manually).

This patch also changes things so that for http urls on download, we
stick to the builtin http impl by default, and only use the external
ones if https support is required (i.e. because the repo was
configured to use an https url)