Unverified Commit bb7f98b5 authored by Felix Krause, committed by GitHub

Prohibit SDK providers from using non-encrypted HTTP links for SDKs

Related to https://github.com/CocoaPods/CocoaPods/pull/7249, fixes https://github.com/CocoaPods/CocoaPods/issues/7238

I'll add tests once I get the OK that this is the right location and the right approach. For now I used the `error` method to fail the validation. I believe that it's the right thing to do; there is no good excuse to transfer executables over non-encrypted protocols. However, I do understand that this might throw off some SDK providers and overwhelm them when they quickly need to push an update.

You all have more context around what the users are like and whether they have a way to work around this, so just let me know what you're deciding on 👍
parent 507e17b0
...@@ -307,6 +307,7 @@ module Pod ...@@ -307,6 +307,7 @@ module Pod
validate_screenshots(spec) validate_screenshots(spec)
validate_social_media_url(spec) validate_social_media_url(spec)
validate_documentation_url(spec) validate_documentation_url(spec)
validate_source_url(spec)
valid = spec.available_platforms.send(fail_fast ? :all? : :each) do |platform| valid = spec.available_platforms.send(fail_fast ? :all? : :each) do |platform|
UI.message "\n\n#{spec} - Analyzing on #{platform} platform.".green.reversed UI.message "\n\n#{spec} - Analyzing on #{platform} platform.".green.reversed
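Review bot: the new `validate_source_url(spec)` call sits with the other URL validators, which is the right place, but the name promises more than the method delivers: it only inspects the `:http` key of `source`, so the call site gives no hint that `:git`, `:svn` or `:hg` sources are not covered. Either name it `validate_source_http_url` here or widen the method so the name is accurate.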
...@@ -393,6 +394,17 @@ module Pod ...@@ -393,6 +394,17 @@ module Pod
validate_url(spec.documentation_url) if spec.documentation_url validate_url(spec.documentation_url) if spec.documentation_url
end end
# Performs validations related to the `source` -> `http` attribute (if exists)
#
def validate_source_url(spec)
return if spec.source.nil? || spec.source[:http].nil?
url = spec.source[:http]
return if url.downcase.start_with?("https://")
error('http', "The URL (#{url}) doesn't use the encrypted HTTPs protocol. " \
'It is crucial for Pods to be transferred over a secure protocol to protect your users from man-in-the-middle attacks. '\
'Please update the URL to use https and try again.')
end
# Performs validation for which version of Swift is used during validation. # Performs validation for which version of Swift is used during validation.
# #
# The user will be warned that the default version of Swift was used if the following things are true: # The user will be warned that the default version of Swift was used if the following things are true:
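Review bot: `validate_source_url` only looks at `spec.source[:http]`, so a `:git`, `:svn` or `:hg` source that points at a plain `http://` URL still passes, even though the change is described as prohibiting non-encrypted HTTP links for SDKs in general; either iterate over every source key whose value is a URL or document in the comment that only `http` archives are checked. Two smaller points on the same lines: `url.downcase` raises `NoMethodError` if the `:http` value is not a `String`, so use `url.to_s.downcase.start_with?('https://')`, and the message should say "HTTPS" rather than "HTTPs". Style: the continuation `'... man-in-the-middle attacks. '\` drops the space before the backslash that the preceding `" \` line uses; keep them consistent.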
......