- Feb 13, 2024
-
-
Pavel Břoušek authored
-
- Apr 21, 2020
-
- Apr 14, 2020
-
-
Patrick Radtke authored
-
- Apr 09, 2020
-
-
Patrick Radtke authored
-
Patrick Radtke authored
-
Patrick Radtke authored
-
- Apr 04, 2020
-
-
Patrick authored
Add authenticated api requests support to query multiple endpoints
-
- Apr 03, 2020
-
-
Danny authored
Squashed commits:
[cebc113] fix: tests (+2 squashed commits)
Squashed commits:
[16f467c] fix: undo changes
[0f25a49] fix: error message (+1 squashed commit)
Squashed commits:
[389a40d] fix: whites spaces (+1 squashed commit)
Squashed commits:
[08a1836] Adding additional tests, and clean up code. add logic that graph api call, has priority compared to token
[43a6af7] Add authenticated api requests support to query multiple endpoints
-
- Dec 03, 2019
-
-
Patrick Radtke authored
-
Patrick Radtke authored
-
Patrick Radtke authored
-
Patrick authored
Typo in var $httpClientg -> $httpClient
- Dec 02, 2019
-
-
Dennis Dobslaf authored
-
- Oct 29, 2019
-
-
Patrick authored
OpenID Connect: Fix non-canonical URL used for discovery endpoint
-
Olav Morken authored
The OpenID Connect specification allows the Issuer to contain a trailing slash. E.g.:

    https://example.com/oidc/

This code would form the following URL for the discovery endpoint:

    https://example.com/oidc//.well-known/openid-configuration

Some servers may reject this URL because it contains two slashes.

The OpenID Connect specification requires a trailing slash from the Issuer to be removed before concatenating the well-known path to it:

> If the Issuer value contains a path component, any terminating / MUST
> be removed before appending /.well-known/openid-configuration.

(https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest)

This patch updates the code to remove any trailing slashes from Issuer before concatenating.
-
- Sep 04, 2019
-
-
Patrick authored
More Openid connect work
-
- Sep 03, 2019
-
-
Sigmund Augdal authored
-
Sigmund Augdal authored
-
Sigmund Augdal authored
This replaces the script that generates authsource config with just the need to place the issuer url in the authsource config. It turns out that some of the openid connect providers out there cycle the signing keys so often that storing them directly in the config isn't a good idea.

This commit also moves most of the OpenID Connect specific code into a new Provider class, that could in theory also be used by other users of the oauth2-client library.
-
- Aug 28, 2019
-
-
Sigmund Augdal authored
This makes sense since xmlseclib is already a dependency of simplesamlphp
-
- Aug 27, 2019
-
- Aug 26, 2019
-
-
Patrick authored
Added a generic OpenID Connect Auth module
-
Sigmund Augdal authored
* Handle keys without the optional x5c field. If these are RSA keys they can be parsed if phpseclib is available, otherwise they are ignored.
* Log warnings and errors to stderr using error_log.
* Improve user feedback on issues.

This uses phpseclib/phpseclib and requires dev-master to work. This isn't added as a dependency to composer.json because it isn't run during normal operation, and finding a set of dependencies that includes both simplesaml and phpseclib which allows both to be installed at the same time proved to be quite tricky.
-
Sigmund Augdal authored
-
- Aug 23, 2019
-
-
Sigmund Augdal authored
This was found by adding the unit tests.
-
Sigmund Augdal authored
This involves some refactoring of the tests for the OAuth2 auth source, so that this test class can be inherited
-
Sigmund Augdal authored
-
Sigmund Augdal authored
-
Sigmund Augdal authored
This gives us an additional security against injecting incorrect codes into people's sessions, in addition to the state parameter
-
Sigmund Augdal authored
Added script to generate authsources configuration entry based on openid connect configuration discovery end point
-
Sigmund Augdal authored
This module extends the OAuth2 Auth module with the following features:

* claims from the returned id token are added as attributes prefixed with `id_token`
* The raw id token is added as AuthData
* Support for the simplesamlphp ForceAuth and isPassive parameters to the authenticate call (mapping to prompt: login and prompt: none parameters in openid connect)
* Support for generic run-time parameters to the authenticate call. Parameters with the `oidc:` prefix are passed to the authorization request (e.g $as->authenticate(['oidc:acr_values' => 'Level4']) will pass `acr_values=Level4` to the authorization request)
* Support for RP initiated logout as per https://openid.net/specs/openid-connect-session-1_0.html section 5
-
Sigmund Augdal authored
Allow subclasses to set options for the authorization request based on the state parameter to the authenticate call
-
Patrick Radtke authored
-
Patrick Radtke authored
-
Patrick authored
Update composer.lock
-
Patrick authored
Fix OAuth2ResponseHandlerTest namespace usage
-
Sigmund Augdal authored
This together with https://github.com/cirrusidentity/simplesamlphp-test-utils/pull/1 makes all the tests pass again
-
- Aug 21, 2019
-
-
Patrick authored
Consistent terminology
-