ethane
Discourage http basic authentication when not using TLS
It is currently possible to inject authorization headers into HTTP requests using Credentials when creating a connector over websocket or http.
This also means it would be possible to use basic authentication over a non-TLS connection. This is not good practice and susceptible to attacks since the password is sent in cleartext.
I feel we should discourage this use and return an error when trying to create a connector not using TLS and attempting to use http basic authentication.
This would mean checking, in Connector::websocket and Connector::http, whether the connection uses TLS and whether the credentials are Some(Credentials::Basic(_)), and introducing new error variants accordingly.
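One way the proposed check could look, as an added example that is not ethane's own code: the `Credentials` and `ConnectorError` shapes below, the `check_credentials` function and the scheme-based TLS detection (https/wss count as TLS, http/ws do not) are all assumptions made for illustration, not the crate's actual API.

```rust
// Added example, not ethane's code: refuse HTTP basic auth on a plaintext transport.

/// Hypothetical credential shape; the inner string is the header value
/// (for Basic, the base64 "user:pass" pair).
#[derive(Debug, Clone, PartialEq)]
pub enum Credentials {
    Basic(String),
    Bearer(String),
}

/// Hypothetical error variants for the connector constructors.
#[derive(Debug, PartialEq)]
pub enum ConnectorError {
    /// Basic credentials were supplied but the URL scheme does not use TLS.
    BasicAuthWithoutTls { scheme: String },
    /// The URL scheme is missing or not one the connector knows about.
    UnsupportedScheme(String),
}

/// Extract the scheme of a URL ("https" from "https://host/path"), lowercased.
fn scheme_of(url: &str) -> Option<String> {
    let idx = url.find("://")?;
    let s = &url[..idx];
    let valid = !s.is_empty()
        && s.chars()
            .all(|c| c.is_ascii_alphanumeric() || c == '+' || c == '-' || c == '.');
    if valid {
        Some(s.to_ascii_lowercase())
    } else {
        None
    }
}

/// Validate the URL/credential combination before building a connector.
/// Returns whether the transport is TLS-protected, or an error when basic
/// credentials would be sent over a cleartext scheme.
pub fn check_credentials(
    url: &str,
    credentials: Option<&Credentials>,
) -> Result<bool, ConnectorError> {
    let scheme =
        scheme_of(url).ok_or_else(|| ConnectorError::UnsupportedScheme(url.to_string()))?;
    let tls = match scheme.as_str() {
        "https" | "wss" => true,
        "http" | "ws" => false,
        other => return Err(ConnectorError::UnsupportedScheme(other.to_string())),
    };
    // Only Basic is rejected here, matching the issue's scope; a Bearer token
    // over a cleartext scheme is exposed just the same and deserves its own check.
    if !tls {
        if let Some(Credentials::Basic(_)) = credentials {
            return Err(ConnectorError::BasicAuthWithoutTls { scheme });
        }
    }
    Ok(tls)
}

fn main() {
    // Constructed sample inputs for a stand-alone run.
    let basic = Credentials::Basic("dXNlcjpwYXNz".to_string());
    println!("{:?}", check_credentials("http://localhost:8545", Some(&basic)));
    println!("{:?}", check_credentials("https://node.example", Some(&basic)));
    println!("{:?}", check_credentials("ws://127.0.0.1:8546", None));
}
```

A constructor such as `Connector::http` would call `check_credentials` first and propagate the error, so the cleartext case fails before any request carrying the Authorization header is ever built.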