Password reset link injection allows redirect to malicious URL

@cablej found a vulnerability in our password reset functionality that allowed an attacker using an HTTP request with a modified `Host` header to cause a password reset link to be emailed to the target user that would navigate to the attacker's domain. Because the password reset emails are sent from the Mavenlink email infrastructure, this email, while unexpected by the user, could appear to be legitimate. As a result the user's account could be compromised if they were convinced to enter their login details on the attacker's website.