fix(asr): allow HTTP endpoints with risk warning

[H-Chris233]

User description

Summary

• Remove the ASR validation-time HTTPS-only gate so HTTP endpoints such as LAN/self-hosted ASR services can be used.
• Show a non-blocking warning when the ASR endpoint starts with http://, noting API keys and audio content may leak in transit.
• Update provider warning text across locales.

Fixes #543

Verification

• cargo test --manifest-path "openless-all/app/src-tauri/Cargo.toml" asr_transcriptions_url_accepts_base_or_transcriptions_endpoint
• cargo test --manifest-path "openless-all/app/src-tauri/Cargo.toml" transcription_url_accepts_base_audio_or_full_endpoint
• cargo check --manifest-path "openless-all/app/src-tauri/Cargo.toml"
• npm --prefix "openless-all/app" run build
• git diff --check

Review

• Self-reviewed per maintainer request; no sub-agent review was used.

---

PR Type

Bug fix, Enhancement

---

Description

• Allow ASR HTTP endpoints

• Remove HTTPS-only validation gate

• Show insecure endpoint warning

• Update localized warning copy

---

Diagram Walkthrough

flowchart LR
  A["ASR endpoint input"] -- "validate" --> B["HTTP accepted"]
  B -- "if http://" --> C["Show security warning"]
  B -- "used by" --> D["ASR request URL builder"]
  D -- "verified by" --> E["HTTP path test"]

Loading

File Walkthrough

	Relevant files
Bug fix	1 files commands.rs Remove ASR HTTPS-only endpoint check                                          +4/-5
Enhancement	6 files en.ts Rewrite insecure endpoint warning text                                      +1/-1      ja.ts Rewrite insecure endpoint warning text                                      +1/-1      ko.ts Rewrite insecure endpoint warning text                                      +1/-1      zh-CN.ts Rewrite insecure endpoint warning text                                      +1/-1      zh-TW.ts Rewrite insecure endpoint warning text                                      +1/-1      ProvidersSection.tsx Add insecure ASR endpoint warning                                                +51/-42

---

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis ✅ 543 - Fully compliant Compliant requirements: Removed the ASR HTTPS-only validation gate. HTTP ASR endpoints are now accepted.

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 PR contains tests

🔒 Security concerns Sensitive information exposure: allowing http:// ASR endpoints means API keys and audio payloads are sent without transport encryption. This is intentional for the feature, but anyone on the network path can intercept or modify the request when the endpoint is not trusted.

⚡ No major issues detected