fix(#9122): detect unsafe redirection on login

[garethbowen]

Description

#9122

Code review checklist

• Readable: Concise, well named, follows the style guide, documented if necessary.
• Documented: Configuration and user documentation on cht-docs
• Tested: Unit and/or e2e where appropriate
• Internationalised: All user facing text
• Backwards compatible: Works with existing data and configuration or includes a migration. Any breaking changes documented in the release notes.

Compose URLs

If Build CI hasn't passed, these may 404:

• Core
• CouchDB Single
• CouchDB Cluster

License

The software is provided under AGPL-3.0. Contributions to this project are accepted under the same license.

[garethbowen]

@sugat009 Would you mind reviewing this? Check out the issue for details on what it's trying to protect against.

It's more complicated than I'd like. The "proper" solution is not to take a URL as parameter but rather take enough context to go to redirect to the right place. Alternatively instead of having the redirect in the http response we could just load the app and pass the path to angular to sort out. But it's fiddly to do this and may break backwards compatibility so this is the safer option for now.