Added a parameter that allows the upgrade of insecure requests

[nareal]

This avoids the browser block of the websocket served through ws

CSP: upgrade-insecure-requests - HTTP | MDN

This is particularly useful when streaming to the outside world using a service like ngrok (see #8)

[eliocamp]

With this PR, now I cannot see the serve locally, but it does work with ngrok. Is that expected?

Is there any downside to setting the default to TRUE?

[nareal]

Yes, that is expected since locally the websocket is served through an insecure connection.

The downside is that it changes the default behaviour of the package.