Closed joostd closed 4 years ago
The Authorization endpoint currently does not support ephemeral ports on loopback redirect URIs.
This prevents native apps that use random port numbers to receive authorization codes from interoperating with OpenConext.
RFC8252 (OAuth 2.0 for Native Apps) reads in section 7.3. Loopback Interface Redirection:
The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request.
This could be changed easily by ignoring port numbers on redirect URIs for loopback addresses. See https://github.com/OpenConext/OpenConext-oidcng/blob/master/src/main/java/oidc/endpoints/AuthorizationEndpoint.java#L231
Solved by only comparing schema, host and path. See https://github.com/OpenConext/OpenConext-oidcng/blob/master/src/main/java/oidc/model/ProvidedRedirectURI.java#L18