This repository has been archived by the owner on Jan 12, 2023. It is now read-only.

Issue #5935: Introduce setting for HTTPS-Only mode #5988

Merged: 2 commits, Dec 8, 2021


@pocmo (Contributor) commented Dec 3, 2021

This patch introduces HTTPS-Only mode. It's a draft.

  • For the preference: Should we have a "learn more" URL in settings like desktop? (Desktop page)
  • Preference placement: Like desktop, I created a "Security" section, that contains SafeBrowsing and this new setting. Is that okay?
  • This is only a minimal version of the error page compared to desktop (See Add error pages for HTTPS ONLY MODE android-components#11306). The reason for that is that we do not support such rich error pages in A-C yet. But the error page is fully functional.
  • All strings I used are from desktop. Do they work for mobile?

CC @jeffreygee

[Image: https_only_setting]

[Image: https_only_errorpage]

@pocmo added the UX and 🕵️‍♀️ needs review labels Dec 3, 2021

@pocmo (Contributor, Author) commented Dec 3, 2021

Needs A-C build with mozilla-mobile/android-components#11352

@pocmo linked an issue Dec 3, 2021 that may be closed by this pull request

@jeffreygee commented Dec 6, 2021

@pocmo

For the preference: Should we have a "learn more" URL in settings like desktop? (Desktop page) /
All strings I used are from desktop. Do they work for mobile?
Yes, I think it's good to keep consistent with desktop. I will double check with our content designers to make sure.

Preference placement: Like desktop, I created a "Security" section, that contains SafeBrowsing and this new setting. Is that okay?
Looks good to me!

This is only a minimal version of the error page compared to desktop - Have we ever thought of having a secondary CTA/link below like 'Manage your settings' where we can viewport them back to their security settings?

What are your thoughts on setting the default state as toggled on to enhance the security experience for our users? Something we can probably discuss with the group in the weekly.

@pocmo (Contributor, Author) commented Dec 6, 2021

This is only a minimal version of the error page compared to desktop - Have we ever thought of having a secondary CTA/link below like 'Manage your settings' where we can viewport them back to their security settings?

That's an interesting idea. We would need to find a way to communicate this from our "error pages" component to the app. Not impossible. But something we need to figure out.

What are your thoughts on setting the default state as toggled on to enhance the security experience for our users? Something we can probably discuss with the group in the weekly.

That sounds great. Yeah, let's discuss this. Maybe this requires us to change the error page text though. Otherwise the user may not really understand it, if they haven't enabled this themselves? 🤔

@pocmo (Contributor, Author) commented Dec 7, 2021

Updated the PR.

  • HTTPS-Only mode is now behind a feature flag that is only enabled in Nightly (and debug builds)
  • The setting is now enabled by default

@pocmo marked this pull request as ready for review December 7, 2021 16:20

@mcarare (Contributor) left a comment

👌

@pocmo added the 🛬 needs landing label and removed the 🕵️‍♀️ needs review label Dec 8, 2021
@mergify (bot) merged commit 72dc901 into mozilla-mobile:main Dec 8, 2021
@pocmo deleted the https-only branch December 8, 2021 15:11

@jeffreygee commented Dec 13, 2021

@pocmo I worked with one of our content designers for strings updates:

[Settings screen]
Header: HTTPS-only mode
Subheader: Automatically attempts to connect to sites using HTTPS for increased security. HTTPS connections provide a secure, encrypted connection to websites you visit.
CTA: Learn more

[Error Page]
Title: The site you requested does not support HTTPS
Body: By default, Firefox Focus attempts to connect using HTTPS for increased security. To change this setting or to learn more, go to Settings > Privacy & Security > Security.
CTA: Continue to HTTP Site

@pocmo (Contributor, Author) commented Dec 13, 2021

@jeffreygee Awesome, thank you! I will work on getting this updated in #6009.

Successfully merging this pull request may close these issues.

Add a setting for indicating the HTTPS-Only Mode configuration