PyPI redirects HTTP to HTTPS by default now so using HTTPS directly
avoids the potential for that redirect being modified in flight,
helping prevent MITM attacks.

Fixes #114.