This is supposed to trigger a unit test failure when using http: rather
than https: URLs. This is obviously imperfect, so it has support for
module or line specific overrides. This should also not get enabled by
default as long as this basically triggers everywhere.
The Python script is from Sandro, the CMake integration and URI blacklist