* Raise minimum PHP version to 7.0

* Remove tests pre-PHP 7.2

* Upgrade dev dependencies

* Ignore tests for deprecated class

* Add typehints; not touching public API

* Remove none-array replacements-param; old behaviour from pre-1.4 release

* Psalm fixes

* Add upgrade notes

* PSR-12

PSR-12 compliancy

This allows us to default to the error log, while also not breaking SSP completely. If we cannot initialize the logging handler, then we resort to the web servers log and log a critical error.

This resolves #1194

bugfix: Do not flush logs after creating a session handler, we might not have a track ID and therefore the log will be trashed.

The new `$initializing` property should signal that we are initializing the logging handler with a value of `true`, not the other way around. Also, it should only be set to `true` while we are actually initializing the logging handler.

If we reach this point, we're likely already logging the error somewhere else (i.e. the session handler in use), so there's no point on logging the exception's message again.

When we are logging something and the logger hasn't been initialized, the messages are deferred and flushed by a shutdown handler. However, when we initialize a session, we set the track ID in the logger, effectively initializing it with everything we need. When we log something and then load the session (or create it), any subsequent logs will be dumped, but the deferred logs will wait until shutdown, changing the order in which they were emitted.

This patch makes sure we flush the deferred logs as soon as we have a track ID (can either be set manually or by, most typically, loading a session). That way, we get those logs out as soon as we can, and subsequent logs entries will be dumped afterwards, keeping their relative order.

This closes #1107

Fixes edge-case https://github.com/simplesamlphp/simplesamlphp/issues/741 where application has one of the known LoggingHandlers' name as a defined class

bugfix: Make sure SimpleSAML_Session::getSessionFromRequest() always raises an exception when a transient session is used due to a misconfiguration or a temporary failure fetching an existing session.

Transient sessions are just an exceptional event, and they shouldn't be treated as regular sessions. Therefore, if we are trying to get the current session and end up with a transient one, that's because an error occurred and we should raise an exception. Since exceptions due to secure cookies trying to be set via an insecure channel are likely to be misconfigurations, we treat them like that, raising a SimpleSAML\Error\CriticalConfigurationError.

Additionally, we capture exceptions in the SimpleSAML\Logger::flush() method, ensuring the error reported in #413 doesn't happen again.

This resolves #356.

Fix an issue with the SimpleSAML\Logger class that was still trying to fetch the track ID from the session when running from the command line, where there's obviously no session at all.

Migrate all the logging handlers to namespaces. Make SimpleSAML\Logger a bit more intelligent so that it allows using custom logging handlers. Now you just need to implement SimpleSAML\Logger\LogginghandlerInterface in a class, and set the 'logging.handler' option in the configuration file to a string with the full name of your class.

If we are invoked from the command line, log the messages to standard error, instead of ignoring them.

Since we allow now defering log messages while we are initializing logging, we no longer need to dump them to the error log.

Allow passing as a parameter the logging handler to use in SimpleSAML\Logger::createLoggingHandler().

Move the error-reporting logic in SimpleSAML_Utilities to the SimpleSAML_Logger class, and add a new method there to evaluate whether an error would be masked or not according to its level.

Prevent the SimpleSAML_Logger class from creating loops while trying to get the track ID from the session. It must now be set manually by calling SimpleSAML_Logger::setTrackID(). Also allow SimpleSAML_Memcache to differentiate between a key not found in memcache and a request to memcache failed. If all servers are down, an exception is thrown and the user informed about the internal error. This hopefully resolves #264.

Rename SimpleSAML_Session::getInstance() to SimpleSAML_Session::getSessionFromRequest(), and leave the former as deprecated.