LP#1314827: On login, don't allow referer-based redirect to external site

LP#1314827: On login, don't allow referer-based redirect to external site

On /eg/opac/login, if no redirect_to param is provided, the TPAC will
attempt to use the referer (if any) as the redirect destination. This
leads to undesirable behavior if the referring URL is from an external
site.

Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Signed-off-by: Ben Shum <bshum@biblio.org>