Notification about https requirement [DSGVO|GDPR]

[riconeitzel]

Uses parts of https://github.com/ikonoshirt/StrictTransportSecurity to compare insecure/base_url and secure/base_url and renders a backend warning about https:// requirement.

jonas and carsten (maxcluster) create a proof of concept for the open question: if varnish SSL offloading is used and both urls are configured to be https:// do we end up in a redirect-loop?

[jonashrem]

we tested this out and using https for both secure and unsecure url is fine as magento is correctly detecting this when the OFFLOADING headers are set up correctly