Do not allow HTTP access in production; always redirect

[lilith]

KeyHub should require HTTPS access when deployed, but not when debugging.

[dragan]

I meant to leave the comment I left on the pull request here. Anyways, for brevity instead of you having to find it. What I asked was "Is this working as expected or do I need to look into it? Just wondering why it's not closed if the code has been merged."