Auto merge of #24704 - Darkspirit:https, r=jdm

HSTS & CA updates; Fix Debian bootstrap; Default to https on Android, too.

- Updated HSTS Preload list using ./mach update-hsts-preload
- Updated CA [database](https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV) using etc/cert_generator.sh.
  - No additions.
  - [bug 1552374](https://bugzilla.mozilla.org/show_bug.cgi?id=1552374) removed Certinomis - Root CA
  - [bug 1574670](https://bugzilla.mozilla.org/show_bug.cgi?id=1574670) removed Class 2 Primary CA and Deutsche Telekom Root CA 2
  - [bug 1586081](https://bugzilla.mozilla.org/show_bug.cgi?id=1586081) removed GlobalSign Extended Validation CA - SHA256 - G2
- Updated Public Suffix list using ./mach update-pub-domains
- Default to https on Android, too. Desktop was done in #23363.
Keep http:// after `android.webkit.URLUtil.guessUrl()` url sanitization only if the user explicitly typed it into the address bar.
Small warning: I don't have an Android build environment yet, but still wanted to try to contribute these two lines.
- Fixed `./mach bootstrap` for Debian Testing. Regression from #24512.
After `pip install distro` (#24561) I finally got `Exception: mach bootstrap does not support Debian GNU/Linux, please file a bug`.
distrib and version were "debian" and "bullseye/sid" before, now they are "debian gnu/linux" and "testing".
- Use HSTS preload list for private HttpState, too. Private HttpState currently [creates an empty HSTS list](f7fb130a2a/components/net/http_loader.rs (L93-L95)). In contrast, regular HttpState first creates HstsList from Preload list and then adds further HSTS entries previously saved on disk.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)

<!-- Either: -->
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

components/net/resource_thread.rs

@@ -141,19 +141,31 @@ fn create_http_states(
         None => resources::read_string(Resource::SSLCertificates),
     };
 
-    let ssl_connector_builder = create_ssl_connector_builder(&certs);
     let http_state = HttpState {
+        hsts_list: RwLock::new(hsts_list),
         cookie_jar: RwLock::new(cookie_jar),
         auth_cache: RwLock::new(auth_cache),
+        history_states: RwLock::new(HashMap::new()),
         http_cache: RwLock::new(http_cache),
         http_cache_state: Mutex::new(HashMap::new()),
-        hsts_list: RwLock::new(hsts_list),
-        history_states: RwLock::new(HashMap::new()),
-        client: create_http_client(ssl_connector_builder, HANDLE.lock().unwrap().executor()),
+        client: create_http_client(
+            create_ssl_connector_builder(&certs),
+            HANDLE.lock().unwrap().executor(),
+        ),
     };
 
-    let private_ssl_client = create_ssl_connector_builder(&certs);
-    let private_http_state = HttpState::new(private_ssl_client);
+    let private_http_state = HttpState {
+        hsts_list: RwLock::new(HstsList::from_servo_preload()),
+        cookie_jar: RwLock::new(CookieStorage::new(150)),
+        auth_cache: RwLock::new(AuthCache::new()),
+        history_states: RwLock::new(HashMap::new()),
+        http_cache: RwLock::new(HttpCache::new()),
+        http_cache_state: Mutex::new(HashMap::new()),
+        client: create_http_client(
+            create_ssl_connector_builder(&certs),
+            HANDLE.lock().unwrap().executor(),
+        ),
+    };
 
     (Arc::new(http_state), Arc::new(private_http_state))
 }