alpha support for x-forwarded-proto

[isaacagudo]

I haven't check yet https://www.npmjs.com/package/@dinoboff/ims-lti but it seem thats the ideal way to go. Another alternative, very naive is to check in any case whether the 'x-forwarded-proto' headers is set to HTTPS, an in this case asume that even if the actual protocol for the request is HTTP we should use HTTPS for checking the signature.