Use HTTPS instead of the git protocol

[julianbrost]

The git protocol provides no authentication and thus is vulnerable to man-in-the-middle attacks. git.archlinux.org supports cloning via HTTPS so please use that by default.

[falconindy]

This is already user configurable. Those who care to switch, can do so.

[julianbrost]

asp uses the insecure option by default which really is a bad idea IMHO as software should be secure by default.

[falconindy]

The technical reason this isn't done is because git's http transport was previously inferior to the git transport. I don't see these deficiencies any longer.