feat: warning if accessed in insecure context

messages/en.json

@@ -318,5 +318,8 @@
 			"description": "For questions, email us at: [email_link]hello@vert.sh[/email_link]. If you are using a third-party instance of VERT, please contact the hoster of that instance instead."
 		},
 		"last_updated": "Last updated: 2025-10-29"
+	},
+	"toast": {
+		"insecure_context": "You are visiting VERT in an insecure context (e.g. accessing over HTTP instead of HTTPS). Some features may not work as expected."
 	}
 }

src/routes/+layout.svelte

@@ -22,6 +22,8 @@
 	import { browser } from "$app/environment";
 	import { initStores as initAnimStores } from "$lib/util/animation.js";
 	import { VertdInstance } from "$lib/sections/settings/vertdSettings.svelte.js";
+	import { ToastManager } from "$lib/util/toast.svelte.js";
+	import { m } from "$lib/paraglide/messages.js";
 
 	let { children, data } = $props();
 	let enablePlausible = $state(false);
@@ -92,6 +94,15 @@
 				});
 		}
 
+		// detect if insecure context
+		if (!window.isSecureContext) {
+			ToastManager.add({
+				type: "warning",
+				message: m["toast.insecure_context"](),
+				disappearing: false,
+			});
+		}
+
 		return () => {
 			window.removeEventListener("paste", handlePaste);
 			window.removeEventListener("resize", handleResize);