Handle SSL enabled sites differently

[codelion]

Refer to the disc here

We should scan the domains in the following way

• First try to access http://domain.com, if that redirects to https then scan and grade as we do now
• If that doesn't redirect to https then instead of reporting Missing Strict-Transport-Security we can report TLS/SSL is not enabled (The connection to this web server is vulnerable to man-in-the-middle and eavesdropping attacks.). And still score it the same way as a missing HSTS header.
• If the user enters the full URL with https then we just scan that directly, if the user enters the full URL as http we do the same as above.

[codelion]

This was fixed in https://github.com/srcclr/security-headers/pull/14