mosquitto: bump version to 1.4.14

Drop CVE 2017-9868 patch as that is now upstream.

1.4.14 is a bugfix release, fixing significant websocket performance /
correctness issues.

Use HTTPS for the download as the server uses HSTS, thus saving a redirect.

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>