Add fallback to HTTP for update manager

## Description of the need We are seeing a new frustrated Forum post regarding the failure to get update data (https://forum.backdropcms.org/forum/not-possible-check-upgrades). This seems to come up regularly. I experienced this issue and the problem was that Backdrop uses SSL to check for updates, and my local certificate used by stream_socket_client to make this socket connection with the server was expired. See https://forum.backdropcms.org/forum/issues-checking-updates-localhost Other posters found similar solutions related to expired certificates. I think this is not uncommon. ## Proposed solution Drupal 7, to this date, uses an HTTP connection to obtain the same module update information. Backdrop's defines the constant `UPDATE_DEFAULT_URL` as `https://updates.backdropcms.org/release-history`. Drupal 7 `http://updates.drupal.org/release-history`. It seems like D8/9 does use SSL to fetch update data, but provides a `update_fetch_with_http_fallback` fallback option in settings.php. It'd be great to have this feature added to Backdrop. This is the D8/9 doc explanation for this setting: ```php /** * Fallback to HTTP for Update Manager and for fetching security advisories. * * If your site fails to connect to updates.drupal.org over HTTPS (either when * fetching data on available updates, or when fetching the feed of critical * security announcements), you may uncomment this setting and set it to TRUE to * allow an insecure fallback to HTTP. Note that doing so will open your site up * to a potential man-in-the-middle attack. You should instead attempt to * resolve the issues before enabling this option. */ ```