Using HTTPS URLs from a non-HTTPS site can make browsers think
that there's a cross-site issue, for example when loading JSON data
via qvitter HTTP API calls (which makes the browsers block the data,
which breaks Qvitter).
So let the site config decide whether to use HTTPS or not;
on `ssl = sometimes' sites, generally try to use HTTPS only when
it's consistent with how the current page is being loaded
(which is consistent with what the main GNU Social code does).