Remove `SERVER_NAME` config for the duration of requests

* because otherwise, `url_for()` will prefer that value over the HTTP
  Host header value
* this causes issues for us with our multi-domain setup, in conjunction
  with the OIDC redirects - given that `SERVER_NAME` can only be a
  scalar value, trying to login on a secondary domain will redirect to
  the primary one and typically fail (because sessions are different, etc.)
* also make sure that the `APP_ALLOWED_HOSTS` config contains the
  `SERVER_NAME` if set