If your page gets called using the https protocol, any relative path to an external css will be called using the https protocol as well. Do you really need to encrypt/decrypt css contents? :D However, if you use an absolute path referring to an external css, you can specify the protocol to use, generally http rather than https. Maybe I am wrong!

Please let me know whether or not my mental model is totally wrong.

+7  A: 

Yes you are correct, relative paths will use the same protocol you're currently on, fully qualified paths can include whatever protocol they want.

You typically want the relative behavior to act like it does, otherwise you'll get an insecure-content warning if you're loading http:// resources on a https:// page in most browsers.

Nick Craver
+1  A: 

Yes, css/js specified by relative path will be loaded using HTTPS. No, you won't have to decrypt the contents, the browser will do it for you. Yes, you can refer to css/js by using absolute path, specifying the protocol, including HTTP. One thing you have to be careful about is that some browsers will prompt a warning about a secure site loading insecure contents.

Igor Zevaka
I know decrypt/encrypt will be done automatically by browser and server.
xport
+2  A: 

As others have answered, your model is correct. A really fun feature that many people are not aware of is protocol relative urls. "//www.foo.com/bar.html" is a perfectly valid URL and will preserve the current protocol.

This is very handy if you are outputting HTML which must work on http and https but needs some host names (e.g. to support static.foo.com / images.foo.com).

Gmaxwell
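
The resolution rules described in the answers above, as an added example that is not part of the original thread: it resolves relative, absolute and protocol-relative references against an http and an https page URL and flags the ones a browser would treat as insecure content. The markup, the `example.com` host names and the function names are constructed for illustration.

```javascript
// Added example: resolve each sub-resource reference the way a browser does
// and flag the ones that would load over http:// from an https:// page.

// Constructed sample markup; the host names are placeholders.
const SAMPLE_HTML = `
<link rel="stylesheet" href="css/site.css">
<link rel="stylesheet" href="/theme/main.css">
<link rel="stylesheet" href="http://static.example.com/legacy.css">
<script src="//static.example.com/app.js"></script>
<img src="https://images.example.com/logo.png">
`;

// Pull href/src values from link, script and img tags (enough for a sketch;
// a real audit would use an HTML parser).
function extractRefs(html) {
  const refs = [];
  const re = /<(?:link|script|img)\b[^>]*?\b(?:href|src)\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) refs.push(m[1]);
  return refs;
}

// Name the three URL forms discussed in the thread.
function classify(ref) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(ref)) return "absolute";
  if (ref.startsWith("//")) return "protocol-relative";
  return "relative";
}

function auditPage(pageUrl, html) {
  const page = new URL(pageUrl);
  return extractRefs(html).map((ref) => {
    const resolved = new URL(ref, page); // WHATWG URL resolution against the page
    return {
      ref,
      kind: classify(ref),
      resolved: resolved.href,
      // http:// sub-resource on an https:// page: the insecure-content case
      mixed: page.protocol === "https:" && resolved.protocol === "http:",
    };
  });
}

for (const pageUrl of ["https://www.example.com/shop/cart.html",
                       "http://www.example.com/shop/cart.html"]) {
  console.log(pageUrl);
  for (const r of auditPage(pageUrl, SAMPLE_HTML)) {
    console.log(`  ${r.kind.padEnd(17)} ${r.ref} -> ${r.resolved}${r.mixed ? "  [mixed content]" : ""}`);
  }
}
```

Only the hard-coded `http://` stylesheet is flagged on the https page; the relative and protocol-relative references follow the page's scheme in both runs.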