[aur-general] Securing the AUR website

Lukas Fleischer archlinux at cryptocrack.de
Sat Aug 6 08:32:01 EDT 2011


For all tl;dr guys around. This is my proposal:

* Use HTTPS links by default (this is already implemented).

* Enable secure cookies.

* Disallow HTTP login (or at least print a big, fat warning if a user
  tries to log in via HTTP).

* Possibly use HSTS.

This should fix all possible vulnerabilities related to HTTPS we can
actually fix. Let me know if I missed something.
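As an added illustration of the four points in the proposal (this is example code written for this page, not the AUR's own code), here is what the top of a PHP login handler could look like. It assumes the web server sets $_SERVER['HTTPS'] on TLS requests, which is the convention for Apache's mod_ssl and nginx's fastcgi_param HTTPS; the 403 message text and the one-year HSTS max-age are arbitrary choices made for this example.

```php
<?php
// Example (not AUR code): enforce secure cookies, HTTPS-only login and
// HSTS at the entry point of a login handler.

// Decide once whether this request arrived over TLS. Assumption: the web
// server sets $_SERVER['HTTPS'] to a non-empty value other than "off" on
// TLS requests (Apache mod_ssl and nginx with fastcgi_param HTTPS do this).
$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// Secure cookies: the session cookie must only travel over TLS, and
// HttpOnly keeps injected script from reading it. Both the ini settings
// and session_set_cookie_params() must run before session_start().
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_httponly', '1');
session_set_cookie_params(0, '/', '', true, true);

// HSTS: once a browser has seen this header over TLS it rewrites every
// http:// link to this host to https:// for max-age seconds (here one
// year). Browsers ignore the header on plain-HTTP responses, so there
// is no point sending it there.
if ($is_https) {
    header('Strict-Transport-Security: max-age=31536000');
}

// Disallow HTTP login. A GET for the login form is simply redirected to
// the HTTPS URL. A POST over plain HTTP is different: the credentials
// have already crossed the wire in the clear, so we refuse to process
// them and show the user a warning instead of silently redirecting.
if (!$is_https) {
    $target = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        header('HTTP/1.1 403 Forbidden');
        header('Content-Type: text/plain; charset=utf-8');
        exit("Login over plain HTTP is disabled. Please use $target and "
           . "change your password if you just submitted it over HTTP.");
    }
    header('Location: ' . $target, true, 301);
    exit;
}

// Only now is it safe to start the session and look at the credentials.
session_start();
```

The order matters: the cookie flags have to be set before session_start(), and the HTTP check has to reject a POST rather than redirect it, because a 301 to HTTPS would not undo the cleartext transmission that already happened. With HSTS in place the plain-HTTP branch is only reached by browsers that have never visited the site over TLS.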

