eggheads / eggdrop-docker


Use https to fetch eggdrop tarball & signature file #27

Closed PeterDaveHello closed 2 years ago

PeterDaveHello commented 3 years ago

FTP has not been safe at all for a long time; HTTPS is better.

vanosg commented 2 years ago

Hi @PeterDaveHello ,

First, thank you so much for taking the time to review the Dockerfile and make a suggestion, it is awesome to see community involvement in this project! Yes, an FTP download is not protected the same way an HTTPS download is, but (and in accordance with official docker library image guidelines) the "security" is inserted after the download by using our verified gpg key to verify the contents of a user's download match the release we published; we would do this step whether it was done via FTP, HTTPS, or ... well, anything.

So yes, you're absolutely correct that HTTPS is a more secure protocol than FTP, but for now, for legacy and infrastructure reasons, I think we're going to stay with FTP for the moment as we can still get that security factor from the gpg verification. I suspect there will come a time in the future when we'll be better prepared to change this though. Thanks again for taking the time to submit this!
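The verify-after-download pattern described in the comment above, as an added example that is not the eggdrop-docker project's own Dockerfile and is not part of this thread. It follows the usual docker-library layout (throwaway `GNUPGHOME`, key fetched by full fingerprint, detached-signature check, keyring removed afterwards); the version, download URL and signing-key fingerprint are placeholders and must be taken from the project's real release data.

```dockerfile
# Added example, not the eggdrop-docker project's Dockerfile: fetch the tarball
# and its detached signature, then verify the signature before unpacking.
FROM debian:bookworm-slim

# Placeholders (assumptions): the real values come from the project's releases.
ARG EGGDROP_VERSION=0.0.0
ARG EGGDROP_BASE_URL=https://example.invalid/eggdrop
ARG EGGDROP_GPG_FINGERPRINT=0000000000000000000000000000000000000000

RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends ca-certificates curl dirmngr gnupg; \
    rm -rf /var/lib/apt/lists/*; \
    \
    # Download tarball and detached signature over HTTPS; -f makes curl fail
    # on HTTP errors instead of saving an error page as the tarball.
    tarball="eggdrop-${EGGDROP_VERSION}.tar.gz"; \
    curl -fsSL -o "$tarball" "${EGGDROP_BASE_URL}/${tarball}"; \
    curl -fsSL -o "${tarball}.asc" "${EGGDROP_BASE_URL}/${tarball}.asc"; \
    \
    # Verify in a fresh, temporary keyring so the only key that can satisfy
    # --verify is the one pinned by fingerprint above.
    export GNUPGHOME="$(mktemp -d)"; \
    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$EGGDROP_GPG_FINGERPRINT"; \
    gpg --batch --verify "${tarball}.asc" "$tarball"; \
    gpgconf --kill all; \
    rm -rf "$GNUPGHOME" "${tarball}.asc"; \
    \
    # Only after verification succeeds is the archive unpacked.
    mkdir -p /usr/src/eggdrop; \
    tar -xzf "$tarball" -C /usr/src/eggdrop --strip-components=1; \
    rm "$tarball"
```

With `set -e` in effect, a failed `--recv-keys` or a bad signature aborts the build, so the transport (FTP or HTTPS) cannot silently substitute a different archive. Using HTTPS on top of this still buys something: it stops an on-path party from tampering with or dropping the signature file, which would otherwise turn into a build failure rather than a compromise, and it keeps the download private.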

PeterDaveHello commented 2 years ago

Just wondering if there is any side effect to doing so at this moment? Can we know more details about the legacy and infrastructure reasons, like a specific unsupported scenario? Thanks.