Strict redirect uri validator app auth with path

[njparakh]

What issue does this PR address?
#3974

Does this PR introduce a breaking change?
No

Please check if the PR fulfills these requirements

• [✓ ] The commit follows our guidelines
• [ ✓] Unit Tests for the changes have been added (for bug fixes / features)

Other information:
This PR is similar to this one but does not use RegEx. It allows for a path in the Loopback address, but does not validate that path.

I'd like to acknowledge VictorioBerra - the unit tests added in this PR are based on the unit tests he wrote in his PR.

[dnfclas]

All CLA requirements met.

[brockallen]

Nice, thanks!

[MichelJansson]

This is a great add.
But now with the SameSite cookie changes, everything needs to be HTTPS, even for loopback. Can we also allow https://127.0.0.1?

I realize it's only the http scheme that the RFC covers - but would it be less safe to also allow https?

[github-actions]

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.