Prevent retrograding secure to plaintext

[GuillaumeRossolini]

We had an issue a few years back when setting up tentative HTTPS, in that our login page would be served over HTTPS but the subsequent navigation could go on over plaintext with the same cookie. We locked all links to HTTPS for these sessions, but there was no HSTS back then and nothing prevented the user to click an outdated link (or just going back a few pages), where they expected their session to continue.

This kind of errors could be prevented by the browser refusing to retrograde a cookie to plaintext once it has been updated over HTTPS.