The args you receive in Lua controller functions are additional URL path segments after the target URL, so in order to pass arguments this way, you will need to poll /cgi-bin/luci/admin/network/modems/callrest/xxx/yyy where xxx would correspond to args and yyy to args. In order to access query string or HTTP POST data values, you will need to use luci.http.formvalue("paramname"), in your case luci.http.formvalue('host') and luci.http.formvalue('query')
As a side note, I hope you are aware that this:
local target= "https://" .. args.. "/" .. args
local mArray = luci.json.decode(ut.trim(ut.trim(sys.exec("curl -k -u adm:pass " .. target))))
... is a text book code/shell command injection vulnerability.
You could run arbitrary commands in root context by passing something like ?host=;rm -rf / #