Use HTTPS as more secure default for --default-scheme #2099

Open
ailurarctos opened this issue Nov 4, 2019 · 0 comments

Problem statement

When the Swagger definition does not specify the schemes and no --default-scheme is specified on the CLI, go-swagger will currently choose HTTP. Would you be open to changing this default --default-scheme to HTTPS?

The benefit to using HTTPS as the default is it is more secure. The downside is that changing this might break existing users that expect the default --default-scheme to be HTTP.

Background

In grpc-ecosystem/grpc-gateway#1069 we changed grpc-gateway so that it only adds a schemes key to the Swagger definition if the user explicitly specifies one or more schemes. This was done to support generating a Swagger definition with no schemes (which means to use the scheme used to access the definition itself).

We tested a few generators and in the case of go-swagger we found that this would cause clients to start using HTTP instead of HTTPS. Hence this issue.

Swagger specification

Any Swagger definition without schemes will do:

swagger: "2.0"
info:
  version: "1.0"
  title: "Hello World"
paths:
  /hello:
    get:
      description: Returns a hello message.
      responses:
        200:
          description: The hello message.
          schema:
            type: string

Steps to reproduce

Generating a client with ./swagger_linux_amd64 generate client -f hello_world.swagger.yaml will produce a client that uses HTTP:

client/hello_world_client.go:var DefaultSchemes = []string{"http"}

Environment

]$ ./swagger_linux_amd64 version
version: v0.21.0
commit: 7c0fc3ee340f9d99d85573bc54a57e303a639692
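
A build-time check for the behaviour reported above, as an added example that is not part of the original issue or of go-swagger's code: it parses a generated client file with the Go standard library and reports whether DefaultSchemes is HTTPS-only. The function name auditDefaultSchemes and the sample source are assumptions constructed for illustration; only the DefaultSchemes line comes from the issue.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Constructed stand-in for a generated client file; only the DefaultSchemes
// line is taken from the issue.
const sampleClient = "package client\n\nvar DefaultSchemes = []string{\"http\"}\n"

// auditDefaultSchemes (hypothetical helper) parses Go source, collects the
// string literals assigned to a variable named DefaultSchemes, and reports
// whether that list is non-empty and contains nothing but "https".
func auditDefaultSchemes(src string) (schemes []string, httpsOnly bool, err error) {
	file, err := parser.ParseFile(token.NewFileSet(), "client.go", src, 0)
	if err != nil {
		return nil, false, err
	}
	httpsOnly = true
	ast.Inspect(file, func(n ast.Node) bool {
		vs, ok := n.(*ast.ValueSpec)
		if !ok || len(vs.Names) != 1 || vs.Names[0].Name != "DefaultSchemes" {
			return true // keep walking until the declaration is found
		}
		// Every string literal under the declaration is one scheme.
		ast.Inspect(vs, func(m ast.Node) bool {
			if bl, ok := m.(*ast.BasicLit); ok && bl.Kind == token.STRING {
				s, _ := strconv.Unquote(bl.Value) // the parser already validated the literal
				schemes = append(schemes, s)
				httpsOnly = httpsOnly && s == "https"
			}
			return true
		})
		return false
	})
	// A missing or empty DefaultSchemes is reported as not HTTPS-only.
	return schemes, httpsOnly && len(schemes) > 0, nil
}

func main() {
	schemes, ok, err := auditDefaultSchemes(sampleClient)
	fmt.Printf("DefaultSchemes=%q httpsOnly=%v err=%v\n", schemes, ok, err)
}
```

Run over the generated client package in CI, a false result flags a client that can fall back to cleartext HTTP because the definition carried no schemes.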