Validate Arcanist install-certificate URIs more carefully

Summary: Fixes T11222. This was lazy-future-proofed for Conduit SSH support, but users are boundlessly creative. Check protocols explicitly.

Test Plan:
```
$ arc install-certificate a.b:1/
Usage Exception: Server URI "a.b:1/" must include the "http" or "https" protocol. It should be in the form "https://phabricator.example.com/".
```

  - Also went through a successful workflow with a URI in the form provided in the example.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11222

Differential Revision: https://secure.phabricator.com/D16188

src/workflow/ArcanistInstallCertificateWorkflow.php

@@ -196,14 +196,31 @@ EOTEXT
       $uri = $conduit_uri;
     }
 
+    $example = 'https://phabricator.example.com/';
+
     $uri_object = new PhutilURI($uri);
-    if (!$uri_object->getProtocol() || !$uri_object->getDomain()) {
+    $protocol = $uri_object->getProtocol();
+    if (!$protocol || !$uri_object->getDomain()) {
       throw new ArcanistUsageException(
         pht(
           'Server URI "%s" must include a protocol and domain. It should be '.
           'in the form "%s".',
           $uri,
-          'https://phabricator.example.com/'));
+          $example));
+    }
+
+    $protocol = $uri_object->getProtocol();
+    switch ($protocol) {
+      case 'http':
+      case 'https':
+        break;
+      default:
+        throw new ArcanistUsageException(
+          pht(
+            'Server URI "%s" must include the "http" or "https" protocol. '.
+            'It should be in the form "%s".',
+            $uri,
+            $example));
     }
 
     $uri_object->setPath('/api/');