Test for ...@example.com/..., http://example.com/?..., and http://example.com/# URLs in OpenRedirect #78

@postmodern

Description

Test whether we can disable the URL hostname prefix using an `@` character (which makes everything after the scheme but before the `@` character the authorization), or disable the URL suffix using the `?` (indicates the beginning of the query string) or `#` (indicates the beginning of the URL fragment) characters. This may require adding additional keyword arguments to `OpenRedirect#initialize` to control whether `@`, `?`, `#` are added to the test URL.

  • http://subdomain@evil.com/evil/path
  • http://evil.com/?/valid/path
  • http://evil.com/#/valid/path
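A short Ruby illustration, added here and not part of this issue or of ronin-vulns, of why these three URL shapes matter for a redirect validator: a check that only string-matches a host prefix or a path suffix accepts all three, while parsing with Ruby's standard `URI` and comparing the parsed `host` exactly rejects them. The allowed host `subdomain.example.com` and the two validator functions are assumed names for this example.

```ruby
require 'uri'

# Naive allow-list check that only looks at the raw string's prefix and
# suffix. The three payload shapes from the issue all satisfy it.
def naive_redirect_allowed?(url, host_prefix: 'subdomain', path_suffix: '/valid/path')
  url.start_with?("http://#{host_prefix}") || url.end_with?(path_suffix)
end

# Break the URL into the components a parser actually sees, so it is
# obvious where the "trusted" looking text ends up (userinfo, query, fragment).
def url_components(url)
  uri = URI.parse(url)
  { host: uri.host, userinfo: uri.userinfo, path: uri.path,
    query: uri.query, fragment: uri.fragment }
end

# Stricter check (assumed allowed host): parse first, compare the host
# exactly, and refuse any URL carrying userinfo, since "user@host" is the
# shape used to smuggle a trusted-looking prefix in front of the real host.
def strict_redirect_allowed?(url, allowed_host: 'subdomain.example.com')
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTP) # URI::HTTPS is a subclass of URI::HTTP
  return false if uri.userinfo
  uri.host&.downcase == allowed_host
rescue URI::InvalidURIError
  false
end

if $PROGRAM_NAME == __FILE__
  # The three test URLs from the issue, plus one genuinely valid redirect target.
  ['http://subdomain@evil.com/evil/path',
   'http://evil.com/?/valid/path',
   'http://evil.com/#/valid/path',
   'http://subdomain.example.com/valid/path'].each do |url|
    puts "#{url}\n  naive=#{naive_redirect_allowed?(url)} " \
         "strict=#{strict_redirect_allowed?(url)} #{url_components(url)}"
  end
end
```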
