Support redirecting to app protocols

Currently the login and consent app does not allow redirecting to a non https:// or http:// url - which stops us redirecting to a url registered for a mobile app - e.g. com.myapp://oauth-redirect.

This was raised by the team looking to create an app which can emulate the university card, who were planning to use the API Gateway for authentication.