Fix Authentik outpost callback by preserving original Host header

The outpost route now preserves the original request host (e.g., email.fuo.fi)
instead of changing it to the upstream host. This allows Authentik to properly
construct redirect URLs after processing authentication callbacks.

src/lib/caddy.ts

@@ -368,11 +368,13 @@ function buildProxyRoutes(
         ]
       };
 
+      // For the outpost route (callbacks), always preserve the original Host header
+      // so Authentik knows which domain to redirect back to after authentication
       if (authentik.setOutpostHostHeader) {
         outpostHandler.headers = {
           request: {
             set: {
-              Host: ["{http.reverse_proxy.upstream.host}"]
+              Host: ["{http.request.host}"]
             }
           }
         };