Move force_ssl check to production config (#2165)

The force_ssl method from controllers does not add all of the options that the
sitewide configuration in a config block does. For example, HSTS enforcement is
not added by the controller method, but is added by this style.

config/environments/production.rb

@@ -108,6 +108,7 @@ Rails.application.configure do
 
   config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
 
+  config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
 
   config.react.variant = :production