Remove TLS bits from internal sites behind cache_misc
All of these services live behind cache_misc, which
unconditionally provides and enforces standardized HTTPS and HSTS.
Getting rid of the redundant redirect/HSTS code in them makes it
simpler to audit the puppet repo for functional TLS-related
configuration on actual directly-public sites with less confusion.
One could make the argument that these role/sites could eventually
be re-used for a direct service, but if so the configuration would
be completely different. What they do today (port 80 vhost with
!XFP->redir, +HSTS) does not make sense for a directly-public
site, which would instead have port 80 vhost with unconditional
redir and a port 443 vhost with +HSTS.