This repository has been archived by the owner on Sep 30, 2020. It is now read-only.
Using HTTPS goes a long way towards ensuring that the actual rustup.sh script is the one executed by users using elevated permissions. Serving the content in the clear provides no guarantee that the script content sent is what will be received by the client. IMHO, this represents a critical threat to the rust developer community since this script is run by a large fraction of the rust community almost every day.
After thinking about this issue some more, I have an easier-to-implement suggestion: use the GitHub URL, which is HTTPS, instead of the rust-lang.org URL, which is HTTP.
Specifically, we ought to:

- Leave all the infrastructure the same as it currently is
- Encourage all users to only access rustup.sh over the GitHub URL above for security reasons

I don't know of a way to make GitHub URLs redirect, otherwise that would be the best solution.
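The client-side counterpart of the request above, as an added example that is not code from this issue thread or from the rustup project: a small POSIX shell fetcher that refuses plain-HTTP URLs, tells curl to reject any non-HTTPS protocol (including on redirects), and saves the script to a file for review instead of piping it straight into a privileged shell. The URLs used in it are constructed placeholders, not the real rustup.sh locations.

```shell
#!/bin/sh
# Added example: fetch an installer script only over HTTPS and keep it
# on disk so it can be inspected before it is run with elevated rights.
set -eu

# Returns 0 when the URL uses the https scheme, 1 otherwise.
# This is the pre-check that turns the "only use the HTTPS URL" advice
# from the thread into something a wrapper script can enforce.
is_https_url() {
    case "$1" in
        https://*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Downloads $1 to $2 with curl.
#   --proto '=https'        only speak HTTPS for the initial request
#   --proto-redir '=https'  refuse a redirect that downgrades to http://
#   --tlsv1.2               do not negotiate anything older than TLS 1.2
#   --fail                  treat HTTP error pages as a failure, not a script
# The script is written to a file, never executed here; the caller reads
# it and then decides whether to run it (e.g. with sh, possibly via sudo).
fetch_script() {
    url="$1"
    dest="$2"
    if ! is_https_url "$url"; then
        echo "refusing non-HTTPS URL: $url" >&2
        return 1
    fi
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 \
         --output "$dest" "$url"
}

# Usage (placeholder URL, constructed for this example):
#   fetch_script https://example.invalid/rustup.sh ./rustup.sh
#   less ./rustup.sh      # review before running it
#   sh ./rustup.sh        # only after review
```

Piping the download directly into `sh` would still execute whatever was served; saving it first is what makes the review step possible.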
This website could easily be served over HTTPS by using CloudFront or any of several other CDNs that charge $0 extra for TLS using "server name indication". I've written up a detailed blog post describing how to serve a statically generated website from AWS S3 encrypted using CloudFront for less than $10 for the year.
I'd be happy to help with this effort if that would be appreciated.