Fix checking subdomains

[varjolintu]

Fix checking subdomains when retrieving credentials.

Description

After title matching was removed with release 2.3.4 the subdomain handling broke. Base domain of the URL will be used for EntrySearcher instead of hostname.

With this fix:

• Entry URL https://google.com: matches https://*.google.com, does not match http://*.google.com
• Entry URL google.com with scheme matching off: matches *://*.google.com
• Entry URL https://accounts.google.com: matches https://accounts.google.com, does not match with https://*.google.com
• Entry URL accounts.google.com with scheme matching off: matches *://accounts.google.com

Motivation and context

Fixes keepassxreboot/keepassxc-browser#283.
Fixes #2291

## How has this been tested?
Manually, and with local tests.

## Types of changes
<!--- What types of changes does your code introduce? -->
<!--- Please remove all lines which don't apply. -->
- ✅ Bug fix (non-breaking change which fixes an issue)

## Checklist:
<!--- Please go over all the following points. -->
<!--- Again, remove any lines which don't apply. -->
<!--- Pull Requests that don't fulfill all [REQUIRED] requisites are likely -->
<!--- to be sent back to you for correction or will be rejected.  -->
- ✅ I have read the **CONTRIBUTING** document. **[REQUIRED]**
- ✅ My code follows the code style of this project. **[REQUIRED]**
- ✅ All new and existing tests passed. **[REQUIRED]**
- ✅ I have compiled and verified my code with `-DWITH_ASAN=ON`. **[REQUIRED]** 

[droidmonkey]

These two lines need to be broken up and comments added. Took me a while to figure out what was going on.

[droidmonkey]

Recommend changing the second term to !hostname.contains(qurl.topLevelDomain()) for clarity.

[droidmonkey]

Just replace "base" with "baseDomain(hostname)", no need for a temp variable with a questionable name.

[varjolintu]

Issues fixed & PR rebased.

[pillarsdotnet]

After being annoyed at the bug for a couple weeks, I found this PR, recompiled my copy, and ran it for a couple days. Got two console errors; the first popped up immediately and the second some time later:

bobvin@T560:~/github/keepassxc/build$ keepassxc
QObject::startTimer: Timers cannot have negative intervals
"Maximum depth of replacement has been reached. Entry uuid: {ae9f0413-cf2e-aa93-ac9c-76cb8b9c5986}"

[varjolintu]

@pillarsdotnet Those errors are not related to this PR. The first one I have seen multiple times, the second is caused by placeholder resolver.

[TheZ3ro]

Seems good

[phoerious]

Nitpick: why is this not a proper docblock?

[pahhur]

Ok, I place my question and thoughts about the non-working matching algorithm here,
meaning those that maybe haven't been discussed yet.

---

Consider, you have a special link, the user wants to open.
Let's say, the link is xyz.de/login

xyz is an international company with locale support on their web sites.

If you call xyz.de/login, you get the german site, no matter if you are in Germany, or elsewhere.
The address is remapped by them to de.xyz.com/login. That's why the typical german user would specify xyz.de/login in the URL field (Yes he could specify de.xyz.com/login, too, but that is not the typical use case. The non-technical user even might not understand that the URL for him has been changed in the background. Furthermore, the webmaster of site xyz might be using a different nomen clatura for that in the next month, and instead of de.xyz.com, then germany.xyz.com would be used, while the original link of xyz.de/login would still work)

If you call xyz.com/login, you get the international site or a local site in the language of the country where you are. The link is remapped to something like www.xyz.com/login, **www.xyz.co.uk/login", or no.xyz.com/login (Norway)

Thus, if the (german) keepassxc user wants to open the correct site for him, he has to specify the .de link. However, for the credentials to be provided correctly by keepassxc, the field must have a value of xyz.com right now.

Also consider that the user is not always be able to change any language settings when in an internet cafe in a foreign country, or might be using a VPN.

Examples of sites with such a behaviour are linkedin, or xing.

Maybe it would be a good idea to separate the field in two. One field for the URL to open, and one optional field for the mapper, in case the mapping cannot be derived from the first URL.

---

I dont know if this point is a good idea

* Entry URL `https://accounts.google.com`: matches `https://accounts.google.com`, does not match with `https://*.google.com`

for the websites sometimes load balance their requests. Thus a request for

accounts.xyz.com

would sometimes be changed by them to

accounts1.xyz.com
accounts2.xyz.com
accounts3.xyz.com
accounts5.xyz.com
accounts99.xyz.com

If you apply your rule (saying *.xyz.com will not match), then there is no chance for the user to specify a URL that is matching at all, in case he wants to jump to the accounts page and not the xyz.com page.

[droidmonkey]

This is what cloned entries are for. You can clone the original one and change the URL to a redirect page or alternative login domain. The latter example you provided is increasingly rare due to modern load balancing being handled by smart dns routing instead of multiple sub domains.