PyPI redirects HTTP to HTTPS by default now so using HTTPS directly
avoids the potential for that redirect being modified in flight,
helping prevent MITM attacks.

Fixes #114.

(cherry picked from commit fac9979f516fe1b080258f9b367401a8cc1832e8)