Rigorously check for HTTPS when handling secure cookies

[vilmibm]

Checking that the uri instance descends from URI::HTTPS is insufficient:

http-cookie/lib/http/cookie.rb

Line 590 in 405a48b

return false if secure? && !(URI::HTTPS === uri)

Instead, this needs to check the actual scheme of the uri instance (or something else more meaningful). Faraday, for example, uses a URI::HTTP instance with scheme set to https for its secure connections and as a result can't work with this library and secure cookies.