CloneWithCommitMsgHook: Stop passing --insecure to curl

Validating certs is an important feature of HTTPS that we should not
disable, especially when downloading code that is going to be trusted.

This "curl" invocation does not take place until after a successful
"git clone", so the -k option would not be useful for dealing with
misconfigured https servers.  Any configuration that needs -k would
already be broken because of the "git clone" that comes before it.

Reported-by: Gert van Dijk <gertvdijk@gmail.com>
Bug: Issue 7562
Change-Id: Ibe14bba5c1ce30a771515ff7985796aa1b8cdadf
diff --git a/src/main/java/com/googlesource/gerrit/plugins/download/command/CloneWithCommitMsgHook.java b/src/main/java/com/googlesource/gerrit/plugins/download/command/CloneWithCommitMsgHook.java
index 79cf187..a0ed759 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/download/command/CloneWithCommitMsgHook.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/download/command/CloneWithCommitMsgHook.java
@@ -85,7 +85,7 @@
           .append(super.getCommand(scheme, project))
           .append(" && (cd ")
           .append(projectName)
-          .append(" && curl -kLo")
+          .append(" && curl -Lo")
           .append(TARGET)
           .append(HOOK)
           .append(" ")