Make using insecure connections opt-in (#1309)

* add insecure url checks

* rename variables

* add feature flags to expose Url properly

* fix test compile error

* fix feature errors

* remove comment

* add url crate and use it for url parsing

* fix compile errors

* satisfy the holy clippy

* fix typos and host loopback

* macro attribute, provide validation function in utils

* fix expected output of ui tests

* remove the success case for --allow-insecure because we cannot establish ws:// connection at the moment.

subxt/src/backend/rpc/rpc_client.rs

@@ -20,7 +20,18 @@ pub struct RpcClient {
 impl RpcClient {
     #[cfg(feature = "jsonrpsee")]
     /// Create a default RPC client pointed at some URL, currently based on [`jsonrpsee`].
+    ///
+    /// Errors if an insecure URL is provided. In this case, use [`RpcClient::from_insecure_url`] instead.
     pub async fn from_url<U: AsRef<str>>(url: U) -> Result<Self, Error> {
+        crate::utils::validate_url_is_secure(url.as_ref())?;
+        RpcClient::from_insecure_url(url).await
+    }
+
+    #[cfg(feature = "jsonrpsee")]
+    /// Create a default RPC client pointed at some URL, currently based on [`jsonrpsee`].
+    ///
+    /// Allows insecure URLs without SSL encryption, e.g. (http:// and ws:// URLs).
+    pub async fn from_insecure_url<U: AsRef<str>>(url: U) -> Result<Self, Error> {
         let client = jsonrpsee_helpers::client(url.as_ref())
             .await
             .map_err(|e| crate::error::RpcError::ClientError(Box::new(e)))?;