Add a setting to allow non-SSL HTTP URL as Redirect URL

[frankie567]

Following discussion #230, I think it could be a good idea to have a setting to disable the HTTPS requirement for Client Redirect URL.

In some contexts, like private deployments, it may be useful to disable it. Of course, this would need a proper warning in the related documentation.

Plan:

• Add a client_redirect_uri_ssl_required to Settings. Defaults to True.
• Update validate_redirect_uri implementation to account for this parameter.
• Document the setting in Environment Variables. Add a warning callout to mention it's dangerous to set it to False.

[augusto-herrmann]

I support this idea.

Having such an option is actually indispensable if

• you are developing locally with containers and need to have an application container and a fief container talk to each other inside the container network (e.g. docker compose, minikube, etc.)
• you are implementing a CI/CD workflow (e.g. for using TDD) and the worker needs to create temporary containers for the application and Fief – they need to be able to talk to each other over http in order to run the automated tests.