NUBIC / castanet

A small, snappy CAS client library
MIT License

Castanet needs to complain when HTTPS isn't used for CAS server communication #4

Closed hannahwhy closed 13 years ago

hannahwhy commented 13 years ago

Before CAS data is sent over an insecure channel, complain loudly.

Additionally: If a canonical logger is present, use it. Doing this automatically is possible for some special cases (i.e. Rack-based webapps) but I'm hesitant to encode such a dependency. Maybe a Castanet::Client#logger= writer would be a good solution.

In the past, we (NUBIC) have found it to be occasionally useful to be able to intercept CAS data when developing applications that use CAS. However, as the diagnostic abilities of our tools have improved and the stability of our CAS infrastructure has improved, this ability has become less and less useful. As a result, Castanet may eventually mandate HTTPS.

hannahwhy commented 13 years ago

Implemented a different solution, but seems to work just as well: default to HTTPS, but permit completely dropping it.

The method of dropping HTTPS is documented, but I don't think it's likely to be something that can happen by accident. See 5b9478be6d691cbb7336f8e17228aeba480eef5c.
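
The behaviour discussed in this thread (HTTPS by default, a deliberate opt-out, and a writable logger that announces when CAS data goes over plain HTTP), sketched as an added Ruby example that is not Castanet's code or the referenced commit. The class `CasEndpointPolicy`, its `allow_plain_http` switch and the `cas.example.edu` URL are hypothetical.

```ruby
require 'uri'
require 'logger'

# Hypothetical sketch: names here are illustrative, not Castanet's API.
class CasEndpointPolicy
  class InsecureChannelError < StandardError; end

  attr_writer :logger            # host app can inject its canonical logger
  attr_accessor :allow_plain_http

  def initialize
    @allow_plain_http = false    # HTTPS is required unless explicitly dropped
  end

  def logger
    @logger ||= Logger.new($stderr)
  end

  # Returns the parsed URI when policy permits contacting it, raises otherwise.
  def check!(url)
    uri = URI.parse(url)
    case uri.scheme&.downcase
    when 'https'
      uri
    when 'http'
      unless allow_plain_http
        raise InsecureChannelError,
              "refusing non-HTTPS CAS URL #{url}; set allow_plain_http to override"
      end
      logger.warn("CAS data will travel unencrypted to #{uri.host}")
      uri
    else
      raise ArgumentError, "CAS URL needs an http(s) scheme: #{url.inspect}"
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  policy = CasEndpointPolicy.new
  url = 'http://cas.example.edu/cas'   # constructed sample URL
  begin
    policy.check!(url)
  rescue CasEndpointPolicy::InsecureChannelError => e
    puts "default policy: #{e.message}"
  end
  policy.allow_plain_http = true       # deliberate, visible opt-out
  puts "after opt-out: #{policy.check!(url)}"
end
```

Because the opt-out is an explicit attribute rather than something inferred from the URL, a mistyped `http://` in configuration fails closed instead of silently downgrading the channel.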