geocoder.ca defaults to http and puts auth in query string

[adjenks]

Just some suggestions about security.

Providers should default to using https when possible. It's better to start secure and let the user choose to downgrade. The geocoder provider defaults to http.

Providers should avoid putting authentication parameters in query strings because they are more likely to get logged somewhere, geocoder.ca accepts post requests, so this would be possible, but the provider code currently uses a query string parameter.