Fix 0012879: Gravatars don't work with Content-Security-Policy

Gravatar URLs are modified depending on whether the MantisBT instance is
being accessed via secure HTTP. If MantisBT is browsed via secure HTTP
then Gravatars are loaded via secure HTTP from gravatar.com.

The logic was incorrectly reversed in the code dealing with
Gravatar/X-Content-Security-Policy integration. This led to Gravatars
being blocked entirely (both both plain and secure HTTP) in browsers
that implement X-Content-Security-Policy.

Thank you to Keith Survell for reporting, debugging and providing the
solution to this problem.