ploigos-step-runner
LOW PRIORITY - effective-pom.xml has http: urls for xsds
If an application runs some kind of coding style scan that looks for http: urls (instead of https:), that scan turns up a finding because PSR generates an effective-pom.xml file that has xsd imports using the http protocol.
The maintainer of the app being built by ploigos can work around this by suppressing the finding, but that is not ideal because it (slightly) increases the effort to onboard the app to PSR.
We should generate effective-pom.xml using https: urls for the xsd imports.
Example:
- An app running the maven checkstyle plugin turns up warnings like

  ```
  Error: [ERROR] step-runner-working/unit-test/effective-pom.xml:[5,12] (extension) NoHttp: http:// URLs are not allowed but got 'http://maven.apache.org/plugins/maven-help-plugin/'. Use https:// instead.
  ```
- App developer has to add a suppression rule like this (this is not a great rule but you get the idea).

  ```xml
  <suppress files=".+\.(jar|git|ico|p12|gif|jks|jpg|svg|xml)" checks="NoHttp"/>
  ```
How to start implementing the fix: Change this line in the relevant unit test to check for the new behavior: https://github.com/ploigos/ploigos-step-runner/blob/main/tests/utils/test_xml.py#L36
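
One way to do the rewrite this issue asks for, as an added example (not ploigos-step-runner code): a post-processing pass over the generated text that upgrades schema location hints and comment URLs to https: while leaving XML namespace names untouched, because those are identifiers and changing them changes the document's namespace. The sample POM and all function names are constructed for illustration.

```python
import re

# Constructed sample shaped like an effective POM; not real PSR output.
SAMPLE_EFFECTIVE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated by Maven Help Plugin -->
<!-- See: http://maven.apache.org/plugins/maven-help-plugin/ -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
</project>
"""

SCHEMA_LOCATION = re.compile(r'(:schemaLocation\s*=\s*)(["\'])(.*?)\2', re.DOTALL)
COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
HTTP_URL = re.compile(r"http://[^\s\"'<>]+")


def to_https(url):
    """Upgrade the scheme of a single URL; anything else is returned unchanged."""
    return "https://" + url[len("http://"):] if url.startswith("http://") else url


def upgrade_schema_locations(xml_text):
    """Rewrite only the location half of each 'namespace location' pair."""
    def fix(match):
        tokens = match.group(3).split()
        # Even positions are namespace names (identifiers): keep them byte-identical.
        tokens[1::2] = [to_https(t) for t in tokens[1::2]]
        return match.group(1) + match.group(2) + " ".join(tokens) + match.group(2)
    return SCHEMA_LOCATION.sub(fix, xml_text)


def upgrade_comments(xml_text):
    """Comments carry no meaning for the parser, so every URL in them can change."""
    return COMMENT.sub(
        lambda m: HTTP_URL.sub(lambda u: to_https(u.group(0)), m.group(0)), xml_text)


def harden_effective_pom(xml_text):
    """Apply both rewrites to the generated effective-pom.xml text."""
    return upgrade_comments(upgrade_schema_locations(xml_text))


def remaining_http_urls(xml_text):
    """http:// URLs left after the rewrite (expected: namespace names only)."""
    return HTTP_URL.findall(xml_text)
```

Anything `remaining_http_urls` still reports is a namespace name, so a suppression for it can be scoped to the generated `effective-pom.xml` rather than to every `.xml` file.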