default to HTTPS for apt sources

• apt has built-in HTTPS support
• The relevant mirrors have supported HTTPS for a long time
• The apt maintainers recommend using HTTPS by default
• Those that don't want certificate checking (e.g transparent proxying) can do: Acquire::https::Verify-Peer false;
• Those that want to force HTTP can do: sed -i s,https:,http:, /etc/apt/sources.list
• There is work to make Debian default to HTTPS: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992692
• There are many good reasons to do this: https://guardianproject.info/2021/12/08/debian-over-https/
• Our job as maintainers is to make security improvements when possible.