HTTPS mirrors

We should allow or force our mirrors to server ISO images through HTTPS. This would be a cheap protection from simple MitM and other network attacks as they have been reported to us already (<FBypOyHFqoU059kPZzuL1jfruC8kTPJa@tails.boum.org-schleuder>).

team: intrigeri, u

Blueprint: https://tails.boum.org/blueprint/HTTP_mirror_pool/#HTTPS

Subtasks

#12834 (closed)
#12835 (closed)
#12837 (closed)
#13597 (closed)

Related issues

Related to #11623 (closed)
Related to #9102 (closed)
Related to #12836
Related to #12833

Original created by @sajolida on 9796 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information