saml_idp
Added NameIdPolicy support
Until now, users could already supply multiple name formats as given in the readme (persistent, transient, etc.), but it seems they were never used and the auth request would always just use the first name (the "chosen" method of the NameIdFormatter always returned the first).
This PR fixes this by passing down the requested NameIdFormat from the request.
- If the SAML client requests a specific format, then we can respond with the name ID in that format
- Keeping the old behavior if no NameIdPolicy is passed down or none matches
Use case:
e.g. if a client app is configured with Omniauth-saml:
```ruby
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :saml,
    issuer: '...',
    # ....
    # Ask the IdP for a persistent NameID instead of whatever it picks by default
    name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
end
```
And our IdP app is configured like this:
```ruby
# IdP side: one lambda per supported NameID format
SamlIdp.configure do |config|
  config.name_id.formats = {
    email_address: ->(user) { user.email },
    persistent: ->(user) { user.login_name },
  }
end
```
The old behavior was that we always got the email address field as "uid". After this PR we get the correct name ID from omniauth.
```ruby
# client-app: Omniauth callback controller, e.g. /auth/saml/callback
class OmniauthCallbackController < ApplicationController
  # The IdP POSTs the SAMLResponse cross-site, so no Rails CSRF token is present
  skip_before_action :verify_authenticity_token

  def login
    request.env['omniauth.auth']['uid'] # will be == user.login_name, not user.email
  end
end
```
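The selection rule the PR describes (honour the SP's NameIDPolicy Format when the IdP has that format configured, otherwise fall back to the first configured format), as an added stand-alone illustration. This is not saml_idp's own code: the format-key-to-URN table, the `strict:` option, the plain-hash user and the AuthnRequest are assumptions constructed for the example. The `strict:` branch shows the alternative a practitioner may prefer over silent fallback, answering an unsupported request with the SAML second-level status code `InvalidNameIDPolicy` instead of handing the SP an identifier it did not ask for.

```ruby
require 'rexml/document'
require 'rexml/xpath'

# Added example, not saml_idp's implementation. Everything below that is not
# a SAML URN is an assumption made for illustration.

SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol'.freeze

# Format keys as used in `config.name_id.formats`, mapped to the URN an SP sends
# in NameIDPolicy/@Format (assumed mapping; email_address uses the SAML 1.1 URN).
FORMAT_URNS = {
  email_address: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  unspecified:   'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
  persistent:    'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
  transient:     'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
}.freeze

# The IdP configuration from the PR description, over a hypothetical user hash.
NAME_ID_FORMATS = {
  email_address: ->(user) { user[:email] },
  persistent:    ->(user) { user[:login_name] },
}.freeze

# Extract NameIDPolicy/@Format from an AuthnRequest; nil when the SP sent none.
def requested_name_id_format(authn_request_xml)
  doc = REXML::Document.new(authn_request_xml)
  policy = REXML::XPath.first(doc, '/samlp:AuthnRequest/samlp:NameIDPolicy',
                              { 'samlp' => SAMLP_NS })
  policy && policy.attributes['Format']
end

# Choose [format_urn, value] for `user`. A requested format the IdP has
# configured wins; with no request or no match, fall back to the first
# configured format (the PR's "old behavior"). With strict: true an
# unsupported request raises instead, carrying the status code the IdP
# should put in its Response.
def choose_name_id(formats, requested_urn, user, strict: false)
  key = formats.keys.find { |k| FORMAT_URNS[k] == requested_urn } if requested_urn
  if key.nil?
    if strict && requested_urn
      raise ArgumentError,
            "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy: #{requested_urn}"
    end
    key = formats.keys.first
  end
  [FORMAT_URNS.fetch(key), formats.fetch(key).call(user)]
end

# Constructed AuthnRequest, with or without a NameIDPolicy element.
def build_authn_request(format_urn = nil)
  policy = format_urn ? %(<samlp:NameIDPolicy Format="#{format_urn}" AllowCreate="true"/>) : ''
  <<~XML
    <samlp:AuthnRequest xmlns:samlp="#{SAMLP_NS}"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
      <saml:Issuer>https://sp.example.com</saml:Issuer>
      #{policy}
    </samlp:AuthnRequest>
  XML
end

USER = { email: 'alice@example.com', login_name: 'alice' }.freeze

if $PROGRAM_NAME == __FILE__
  persistent = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
  transient  = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'

  # SP asks for persistent -> login_name, as the PR's callback expects
  p choose_name_id(NAME_ID_FORMATS, requested_name_id_format(build_authn_request(persistent)), USER)
  # No NameIDPolicy -> first configured format (email), the old behavior
  p choose_name_id(NAME_ID_FORMATS, requested_name_id_format(build_authn_request), USER)
  # Unsupported format -> fallback by default, InvalidNameIDPolicy when strict
  p choose_name_id(NAME_ID_FORMATS, transient, USER)
  begin
    choose_name_id(NAME_ID_FORMATS, transient, USER, strict: true)
  rescue ArgumentError => e
    puts e.message
  end
end
```

Note that with the default (non-strict) fallback an SP that asked for `transient` still receives the email-address NameID; whether that is acceptable depends on whether the SP keys accounts on the NameID value, which is why the strict variant is shown alongside.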