fix(core): host detection/NEXTAUTH_URL (#6007)
* rename `host` to `origin` internally
* rename `userOptions` to `authOptions` internally
* use object for `headers` internally
* default `method` to GET
* simplify `unstable_getServerSession`
* allow optional headers
* revert middleware
* wip getURL
* revert host detection
* use old `detectHost`
* fix/add some tests wip
* move more to core, refactor getURL
* better type auth actions
* fix custom path support (w/ api/auth)
* add `getURL` tests
* fix email tests
* fix assert tests
* custom base without api/auth, with trailing slash
* remove parseUrl from assert.ts
* return 400 when wrong url
* fix tests
* refactor
* fix protocol in dev
* fix tests
* fix custom url handling
* add todo comments
