fix: propagate AllowHTTP to SourceURL() scheme selection

SourceURL() previously hardcoded https:// regardless of the AllowHTTP
config setting. This made testing with HTTP-only test servers impossible.

Add AllowHTTP field to ImageRequest and use it to determine the URL
scheme. The Service propagates the config setting to each request.

Fixes #1

internal/imgcache/service.go

@@ -21,6 +21,7 @@ type Service struct {
 	signer    *Signer
 	whitelist *HostWhitelist
 	log       *slog.Logger
+	allowHTTP bool
 }
 
 // ServiceConfig holds configuration for the image service.
@@ -68,6 +69,11 @@ func NewService(cfg *ServiceConfig) (*Service, error) {
 		log = slog.Default()
 	}
 
+	allowHTTP := false
+	if cfg.FetcherConfig != nil {
+		allowHTTP = cfg.FetcherConfig.AllowHTTP
+	}
+
 	return &Service{
 		cache:     cfg.Cache,
 		fetcher:   fetcher,
@@ -75,6 +81,7 @@ func NewService(cfg *ServiceConfig) (*Service, error) {
 		signer:    signer,
 		whitelist: NewHostWhitelist(cfg.Whitelist),
 		log:       log,
+		allowHTTP: allowHTTP,
 	}, nil
 }
 
@@ -83,6 +90,9 @@ var ErrNegativeCached = errors.New("request is in negative cache (recently faile
 
 // Get retrieves a processed image, fetching and processing if necessary.
 func (s *Service) Get(ctx context.Context, req *ImageRequest) (*ImageResponse, error) {
+	// Propagate AllowHTTP setting to the request
+	req.AllowHTTP = s.allowHTTP
+
 	// Check negative cache first - skip fetching for recently-failed URLs
 	negHit, err := s.cache.checkNegativeCache(ctx, req)
 	if err != nil {