oEmbed uses insecure connections for fetching info

[cfstras]

when on a secure server (https) and posting an embeddable link from a http source, the browser reacts in one of three ways:

• it happily displays the content and switches the "security indicator" to "contains insecure content"
• it errors in the console and doesn't embed at all
• it embeds while adding some useless stuff about "Unsafe JavaScript attempt to access frame with url bla bla"

There are four requirements in this:

• Where possible, call oEmbed via https if the site itself is using https (use protocol-relative URLs here http://paulirish.com/2010/the-protocol-relative-url/ )
• Where possible, embed content via https (again, protocol-relative URLs, if the embed supports it)
• Replace errors in the console with a browser popup asking the user to enable insecure content
  • Chrom(e|ium): shield symbol in urlbar
  • Firefox: ???
  • Opera: ???
  • IE9/10: ???
• remove useless junk if the embed succeeds anyway