security: Fix MITM RCE vulnerability in microcode scripts

- Changed Intel microcode download from HTTP to HTTPS
- Added --proto '=https' flag to curl to prevent protocol downgrade attacks
- Simplified output parameter from basename to direct variable reference
- Affects: tools/pve/microcode.sh (line 79) and tools/pve/pbs-microcode.sh (line 93)
- CVSS: 6.5 (Medium) - CWE-494, CWE-300, CWE-829
- Impact: Prevents network-path MITM attacks that could lead to root RCE

The AMD branch was already using HTTPS, this fix brings Intel branch
to parity and closes the vulnerability reported in security advisory.

tools/pve/microcode.sh

@@ -76,7 +76,7 @@ intel() {
   }
 
   msg_info "Downloading the Intel Processor Microcode Package $microcode"
-  curl -fsSL "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o $(basename "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode")
+  curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o "$microcode"
   msg_ok "Downloaded the Intel Processor Microcode Package $microcode"
 
   msg_info "Installing $microcode (Patience)"

tools/pve/pbs-microcode.sh

@@ -90,7 +90,7 @@ intel() {
   }
 
   msg_info "Downloading Intel processor microcode package $microcode"
-  curl -fsSL "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o $(basename "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode")
+  curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o "$microcode"
   msg_ok "Downloaded Intel processor microcode package $microcode"
 
   msg_info "Installing $microcode (this might take a while)"