Allow requests to opt out of HTTPS enforcement

[chlowell]

Our logic for authenticating a multipart request currently fails because preparing one entails passing requests with schemeless URLs to BearerTokenCredentialPolicy, which duly raises because these URLs don't start with "https".

As a workaround for this and other cases in which enforcing HTTPS is unnecessary or undesirable, this change allows individual requests to opt out of https enforcement via an enforce_https context option (i.e. a keyword argument to pipeline.run).

[xiangyan99]

We need to handle retry case (enforce_https is already popped)

[bryevdv]

Would it be valuable to be more precise? Allow schema-less URLs (behind a flag, presumably), but still never allow URLs that start with "http://" ?

[chlowell]

Allowing schemeless URLs is a reasonable way to solve the problem for storage but I think it's a weird special case for the general purpose bearer auth policy we have in azure-core. So, I think that (reasonable) solution belongs in the storage libraries.

I landed on allowing opting out of the enforcement entirely because it solves the problem at hand in a more general way I think will be useful when we find another similar scenario we want to support. For example, I'm running Azure Stack on a network I trust, and I care about TLS overhead.

[bryevdv]

@chlowell I didn't mean to suggest moving this, only making the "lax" mode here a little less lax

[chlowell]

I follow you, what I meant is that I think configuration to disable validation entirely is more generally useful and less weird than configuration to allow malformed URLs. If we don't want the more general configuration (which is okay, no one's asked for it), I think storage clients should implement a custom policy.

[adxsdk6]

Can one of the admins verify this patch?