feat: use hostname checking csrf referer whitelist instead of host

Checklist

[x] npm test passes
[ ] tests and/or benchmarks are included
[x] documentation is changed or added
[x] commit message follows commit guidelines

Affected core subsystem(s)

egg-security

Description of change

Use hostname checking csrf referer whitelist instead of host. In current version, www.alipay.net:8000 will not match refererWhiteList: [ 'alipay.net' ]. Maybe it is necessary to change host to hostname when checking a url whether in refererWhiteList.

eggjs / egg-security

feat: use hostname checking csrf referer whitelist instead of host #71

Checklist

Affected core subsystem(s)

Description of change