In fetch-url the --no-check-certificate option is conditioned to HTTPS.
In case of HTTP to HTTPS redirect, that option is not enabled, and may
cause fetch-url to fail if the certificate cannot be verified.
Since that option/functionality must be explicitly requested with the
debian-installer/allow_unauthenticated_ssl preseed option (i.e., user
is aware of SSL/HTTPS context and agrees w/ non-verified certificates)
we can just check for this in the HTTP protocol too, and assume HTTPS
may potentially be used, as the user specified this option.
An alternative/obvious solution in the _user_ side is to specify HTTPS
URLs upfront, but there are cases when an user does not know for sure
whether the server uses/supports that, or the server might change its
behavior and start HTTP to HTTPS redirect after URLs have spread over
(e.g., scripts and infrastructure) - thus a fix in the installer side
is a simpler and more complete approach.