esaml
Decode and track RequestIds
- When generating an authn request, generate a unique ID and store it for a certain time (5 minutes).
- When validating an assertion response, verify that the ID in `InResponseTo` (if present) matches one we know; then forget that one.
Note that both `#esaml_response{}` and `#esaml_assertion{}` get an `in_response_to` field: the ID is present in both subtrees of the XML document, but for validating an assertion response only `esaml_assertion` is used.
We chose not to add an ets table in esaml_utils and instead track the ID within our application; however, this could be an option here.
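As an added illustration, not code from esaml or from this change, here is one way the ETS-based option mentioned above could look: issue an ID, remember when it was issued, and consume it exactly once when an assertion's `in_response_to` value is checked. The module name, function names and table name are assumptions; the 5-minute lifetime is the one stated above.

```erlang
%% Hypothetical module (not part of esaml): tracks outstanding AuthnRequest
%% IDs in an ETS table and validates the InResponseTo value of an assertion.
-module(saml_request_ids).
-export([init/0, new_request_id/0, check_in_response_to/1, expire_stale/0]).

-define(TABLE, saml_request_ids).
-define(TTL_SECONDS, 300). %% 5 minutes, as in the description above

%% Create the table once, e.g. from the application's start callback.
init() ->
    ets:new(?TABLE, [named_table, public, set]),
    ok.

%% Generate a unique, unguessable ID and remember when it was issued.
%% SAML IDs are xs:ID values, so they must start with a letter or "_";
%% binary:encode_hex/1 needs OTP 24 or later.
new_request_id() ->
    Id = <<"_", (binary:encode_hex(crypto:strong_rand_bytes(16)))/binary>>,
    ets:insert(?TABLE, {Id, erlang:monotonic_time(second)}),
    Id.

%% Check the assertion's InResponseTo value. `undefined` means the attribute
%% is absent, which the description treats as acceptable (this is what an
%% IdP-initiated response looks like; reject it instead if only SP-initiated
%% logins are expected). A known ID is removed on first use (ets:take/2), so
%% a second response carrying the same ID is rejected.
check_in_response_to(undefined) ->
    ok;
check_in_response_to(Id) ->
    Now = erlang:monotonic_time(second),
    case ets:take(?TABLE, Id) of
        [{Id, Issued}] when Now - Issued =< ?TTL_SECONDS -> ok;
        [{Id, _Issued}] -> {error, expired_request_id};
        [] -> {error, unknown_request_id}
    end.

%% Purge entries older than the TTL; call this periodically (e.g. from a
%% timer) so IDs from abandoned logins do not accumulate. Returns the
%% number of entries deleted.
expire_stale() ->
    Cutoff = erlang:monotonic_time(second) - ?TTL_SECONDS,
    ets:select_delete(?TABLE, [{{'_', '$1'}, [{'<', '$1', Cutoff}], [true]}]).
```

Because `ets:take/2` both reads and deletes in one call, the "then forget that one" step cannot race with a concurrent validation of the same ID.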