API: Fix missing wildcards after login redirect (#4348)

This PR fixes an issue where the `scopes` parameter would see its wildmark
characters (*) removed during the login page redirection, after that a call
to `/authorize_token` was made while the user was not logged in.

Closes issue 4200

src/invidious/helpers/utils.cr

@@ -262,7 +262,7 @@ def get_referer(env, fallback = "/", unroll = true)
   end
 
   referer = referer.request_target
-  referer = "/" + referer.gsub(/[^\/?@&%=\-_.:,0-9a-zA-Z]/, "").lstrip("/\\")
+  referer = "/" + referer.gsub(/[^\/?@&%=\-_.:,*0-9a-zA-Z]/, "").lstrip("/\\")
 
   if referer == env.request.path
     referer = fallback