Change project templates to have separate "http" and "https" launch profiles

[DamianEdwards]

In support of [EPIC] Revisiting HTTPS defaults in ASP.NET Core

Update project templates so that (assuming the --no-https option is false) two launch profiles are configured in the project's launchSettings.json file:

1. The first, named "http" and configured with the ApplicationUrls property set to just a non-https address

   "http": {
     "commandName": "Project",
     "dotnetRunMessages": true,
     "launchBrowser": true,
     "applicationUrl": "http://localhost:5227",
     "environmentVariables": {
       "ASPNETCORE_ENVIRONMENT": "Development"
     }
   }

2. The second, named "https", and configured with the ApplicationUrls property set to the usual two addresses, the first being https, the second being http:

   "https": {
     "commandName": "Project",
     "dotnetRunMessages": true,
     "launchBrowser": true,
     "applicationUrl": "https://localhost:7227;http://localhost:5227",
     "environmentVariables": {
       "ASPNETCORE_ENVIRONMENT": "Development"
     }
   }

Selecting an auth option of anything other than None or Indvidual in relevant templates will still force https like today & only create a single launch profile due to issues with these auth schemes use of cookies and SameSite.

The Angular & SPA templates that utilize the SpaProxy are currently authored in such a way that only https works (irrespective of the auth option) so they're not changed.

When launching this project at the command line using dotnet run or dotnet watch, the default profile selected will be the first profile, which is not configured to use https, and as such the application will start without attempting to bind to https and thus not attempt to load the dev cert (which causes UX friction issues esp. on non-Windows systems). The https profile can be selected at launch time by passing --launch-profile <launch-profile> to dotnet run, e.g.:

$ dotnet run --launch-profile https

The project will continue to have the https-aware code present so the project is ready for use with https.

[Kasraco]

Make sure that you also have settings for HTTPS in the appsettings.json file. You may need settings to allow the use of HTTPS as well as paths related to SSL certificate and private key.

  "Kestrel": {
    "EndPoints": {
      "Https": {
        "Url": "https://localhost:7227"
      }
    }
  }
}

OR

{
  "Kestrel": {
    "EndPoints": {
      "Https": {
        "Url": "https://localhost:7227",
        "Certificate": {
          "Path": "certificate.pfx",
          "Password": "password"
        }
      }
    }
  }
}

[davidfowl]

This setting isn't needed. Why do you need it? What operating system are you running on?

[Kasraco]

Yes, normally it's not needed, but when I want to use the dotnet watch run command and I also need HTTPS, I use these settings."

[davidfowl]

You use the https dev cert.