This change introduces a new `get_url_scheme()` function that centralizes
the logic for determining the HTTP/HTTPS scheme. The function handles
multiple sources including environment variables, server HTTPS flag,
and X-Forwarded-Proto header for proxy scenarios.

Both `base_url()` and `get_current_url()` now use this shared function,
ensuring consistent scheme detection across the codebase. The test has
been updated to verify the X-Forwarded-Proto header behavior.