http-cookie
Rigorously check for HTTPS when handling secure cookies
Checking that the uri instance descends from URI::HTTPS is insufficient:
https://github.com/sparklemotion/http-cookie/blob/405a48bcb41b0a99dbd2386a7c217a280e958dff/lib/http/cookie.rb#L590
Instead, this needs to check the actual scheme of the uri instance (or something else more meaningful). Faraday, for example, uses a URI::HTTP instance with scheme set to https for its secure connections and as a result can't work with this library and secure cookies.
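
The difference between the two checks, shown as an added Ruby example that is not part of the original issue and not http-cookie's own code. The helper names are hypothetical, and the URIs are constructed samples; the re-schemed one is built with `scheme=` to stand in for the kind of instance the issue attributes to Faraday.

```ruby
require "uri"

# Hypothetical helpers for illustration; these are not http-cookie's API.

# Class-based check of the kind the issue describes as insufficient.
def https_by_class?(uri)
  URI::HTTPS === URI(uri)
end

# Scheme-based check of the kind the issue proposes instead.
def https_by_scheme?(uri)
  URI(uri).scheme.to_s.downcase == "https"
end

# Constructed sample URIs (example.com is a placeholder host).
def sample_uris
  rescheme = URI.parse("http://example.com/account")
  rescheme.scheme = "https" # still a URI::HTTP instance, but the scheme is https

  {
    parsed_https: URI.parse("https://example.com/account"),
    rescheme:     rescheme,
    plain_http:   URI.parse("http://example.com/account"),
  }
end

# Run both checks over every sample and collect the verdicts.
def compare_checks
  sample_uris.each_with_object({}) do |(label, uri), out|
    out[label] = {
      klass:     uri.class,
      scheme:    uri.scheme,
      by_class:  https_by_class?(uri),  # would a Secure cookie be sent?
      by_scheme: https_by_scheme?(uri), # same question, scheme-based
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_checks.each do |label, r|
    puts format("%-13s class=%-11s scheme=%-5s by_class=%-5s by_scheme=%s",
                label, r[:klass], r[:scheme], r[:by_class], r[:by_scheme])
  end
end
```

Both checks still refuse the plain `http` URI, so the scheme-based form does not loosen the Secure attribute; it only stops rejecting an https request that arrives as a `URI::HTTP` object.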