Describe the bug
Currently the publisher works via plain HTTP and allows the use of a reverse proxy for TLS termination; however, it isn't aware of that and will always redirect to blobs the same way, no matter what scheme was used.
In some cases, like a custom self-signed CA and kickstart installation, there's no option to verify the publisher's TLS certificate because it would require install.img to be rebuilt. So if the same CA was used to sign the S3 endpoint's TLS certificate, this will cause exactly the same TLS verification issue with the S3 endpoint, for the same reason.
To Reproduce
Steps to reproduce the behavior:
1. Create a custom CA and two certificates: one for the publisher and one for S3
2. Set up nginx or any other reverse proxy to terminate TLS connections with the certificates from the previous step, and set up the proxy for the publisher and S3
3. Run the publisher on plain HTTP
4. Run any S3 implementation like minio
5. Create a namespace, container & version for the baseos & appstream repositories
6. Run a VM with kickstart pointing to these repositories
Setup will fail at the software detection step because it can't reach the publisher.
Then ...
7. Use the plain HTTP endpoint to access the publisher and set it as the repository path with the plain HTTP scheme
8. Reboot the VM to start installation once again
The result will be the same, but the access log will show requests to the publisher
Then ...
9. Switch S3 to plain HTTP
10. Reboot the VM to start installation once again
Installation will start and finish fine
Expected behavior
Use the most secure configuration (i.e. use TLS wherever possible) but keep compatibility with such cases.
So use plain HTTP for the S3 redirect when the request comes to the publisher with the plain HTTP scheme, and use TLS when it came with the HTTPS scheme.
Additional context
n/a
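The scheme-aware redirect asked for under "Expected behavior", as an added sketch that is not the publisher's own code: the proxy is assumed to set the `X-Forwarded-Proto` header, and the header is honoured only when the connection comes from the proxy, so a direct client cannot influence the choice. The proxy networks, S3 hostnames, path-style bucket addressing and function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import quote

# Assumption: addresses of the TLS-terminating reverse proxy (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("10.0.0.0/24")]

# Assumption: one S3 base URL per scheme (constructed hostnames).
S3_ENDPOINTS = {
    "http": "http://s3.example.internal:9000",
    "https": "https://s3.example.internal",
}


def effective_scheme(peer_ip, headers):
    """Return the scheme the client used to reach the proxy.

    The publisher itself listens on plain HTTP, so "http" is the default.
    X-Forwarded-Proto is honoured only when the TCP peer is a trusted proxy;
    from any other peer the header is client-controlled and is ignored.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return "http"
    lowered = {k.lower(): v for k, v in headers.items()}
    # Some proxy chains send a comma-separated list; use the first entry.
    proto = lowered.get("x-forwarded-proto", "").split(",")[0].strip().lower()
    return proto if proto in ("http", "https") else "http"


def blob_redirect_url(peer_ip, headers, bucket, key, endpoints=S3_ENDPOINTS):
    """Build the Location value for a blob redirect, matching the request scheme."""
    scheme = effective_scheme(peer_ip, headers)
    base = endpoints.get(scheme, "")
    # Refuse a misconfigured map rather than silently downgrade an HTTPS client.
    if not base.startswith(scheme + "://"):
        raise ValueError(f"no {scheme} S3 endpoint configured")
    return f"{base.rstrip('/')}/{quote(bucket)}/{quote(key)}"
```

For this to hold, the proxy has to overwrite any `X-Forwarded-Proto` value supplied by the client instead of passing it through.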