First off: having URLs indexed with https:// instead of http:// isn't a problem for web-search. Theoretically, you usually wouldn't need to do anything to change that (though if you have an invalid SSL certificate, I imagine users could get confused).
Past that, I'd just set up a 301 redirect, and leave everything else. There's no need to include a noindex robots meta tag (you wouldn't be able to do that anyway, if the URL is redirecting), and blocking those URLs in the robots.txt would block the redirect from being seen. With the redirect, users will make it to your preferred URLs even if the https:// URLs are still indexed for a while (it will always take time for all redirects to be found and followed).