Nimbostratus
Cirrostratus
1) My preferred option if 2) below isn't possible as it's real simple and puts the control and responsibility in the hands of the people who've made the request - have the developers simply add https:// links where required, configure a new port 443 SSL Virtual Server with the relevant private key and cert installed, pointing to the same servers
2) Make it all SSL, why not? There should be real performance impact if you use the F5 to terminate and it's really, really simple!
3) Yes, an iRule could be use to redirect to HTTPS but it's going to get complicated real fast and every time something changes with the server code you'll never be sure it's doing what it should without full testing