Either force SSL or consistently respect G5_AUTH_REDIRECT_URI

[maeve]

The devise-omniauth integration dynamically constructs the OAuth 2.0 redirect URI based on the current request URL. This causes problems when the scheme in the request URL and the registered redirect URI do not match (e.g. the redirect URI uses HTTPS but the client application was accessed using plain HTTP).

The quick fix is for the client application to force HTTPS for all requests, which is generally a good idea for most of our apps anyway. This should be added to the instructions in the README.

To cover all possibilities, it would also be nice if we respected the G5_AUTH_REDIRECT_URI environment variable if it has been set.