generic: support GCM_ALLOW_UNSAFE_REMOTES option

Note that we only emit a warning for the generic host provider rather
than failing-fast like the other providers do. This is because we
never blocked HTTP remotes previously in the generic provider (which is
often used for localhost, custom hosts, etc) and don't want to break
any existing scenarios or scripts.

The new option can be used to dismiss this warning message.

Author: mjcheetham

src/shared/Core/GenericHostProvider.cs

@@ -54,6 +54,17 @@ public override async Task<ICredential> GenerateCredentialAsync(InputArguments i
         {
             ThrowIfDisposed();
 
+            // We only want to *warn* about HTTP remotes for the generic provider because it supports all protocols
+            // and, historically, we never blocked HTTP remotes in this provider.
+            // The user can always set the 'GCM_ALLOW_UNSAFE' setting to silence the warning.
+            if (!Context.Settings.AllowUnsafeRemotes &&
+                StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http"))
+            {
+                Context.Streams.Error.WriteLine(
+                    "warning: use of unencrypted HTTP remote URLs is not recommended; " +
+                    $"see {Constants.HelpUrls.GcmUnsafeRemotes} for more information.");
+            }
+
             Uri uri = input.GetRemoteUri();
 
             // Determine the if the host supports Windows Integration Authentication (WIA) or OAuth