Use a secure channel for serving the validator API

As per the spec: https://ethereum.github.io/keymanager-APIs/
> All routes SHOULD be exposed through a secure channel, such as with HTTPs, an SSH tunnel, a VPN, etc.
> All sensitive routes MUST be authenticated with a token.