Remove hostname check in trustOrigin

It seems this was added for test purposes but the current tests all pass without this, and
it looks a bit safer to remove it.

app/server/lib/requestUtils.ts

@@ -86,7 +86,6 @@ export function trustOrigin(req: Request, resp: Response): boolean {
   // Note that the request origin is undefined for non-CORS requests.
   const origin = req.get('origin');
   if (!origin) { return true; } // Not a CORS request.
-  if (process.env.GRIST_HOST && req.hostname === process.env.GRIST_HOST) { return true; }
   if (!allowHost(req, new URL(origin)) && !isEnvironmentAllowedHost(new URL(origin))) { return false; }
 
   // For a request to a custom domain, the full hostname must match.