Always load gravatars over HTTPS

[dimadin]

By default, when page is loaded over HTTP, gravatars are also loaded over HTTP. This can and should be changed.

There are two things here:

• First thing is that default URL base in get_avatar_data() needs to be changed. Now, if page is loaded over HTTP, it uses domain sharding technique to load gravatar from one of three hostnames, (0|1|2).gravatar.com. With HTTP/2, domain sharding ​is obsolete. When page is loaded over HTTPS, gravatar is (correctly) always loaded from one hostname, secure.gravatar.com. I have changed this behavior so that only hostname used is www.gravatar.com. All of these five hostnames are behind CDN so speed wise it doesn't matter what hostname is used, but someone from @automattic can give review.
• Second thing is that default URL scheme used in get_avatar_data() needs to be changed. Now, default scheme is null. Since that value is passed to set_url_scheme() it means that scheme of URL is changed to scheme of loaded page. To be able to always have HTTPS scheme by default, default scheme value need to be changed from null to https. For this, I have updated get_avatar_data(), get_avatar_url() and get_avatar(), and their documentation, but I have not added changelog since I'm unsure should we log changes in one of attributes.

I have also updated tests.

Trac ticket: https://core.trac.wordpress.org/ticket/54363

[sabernhardt]

[58822] enforced HTTPS for Gravatar URLs, so this probably can be closed as a duplicate of #37454 (or as fixed on the 6.7 milestone).

[johnbillion]

Duplicate of #37454.