Added php-cs-fixer config

Merge branch 'deprecate-assert-with-string' of https://github.com/fentie/simplesamlphp into PR/fentie-deprecate-assert-with-string and fix conflicts.

This can be used by templates to load resources in different ways, either optimized for the developer or for a production environment.

PSR-2 compliance in lib/SimpleSAML/Auth/ directory

Working toward some of the requested tasks in
https://github.com/simplesamlphp/simplesamlphp/wiki/List-of-tasks

Fix typo in docs/simplesamlphp-sp.md

Might not be complete, needs check with current G Suite interfaces.
But improves on the current situation.

Add sendmail_from option

This allows us to use this new filter to translate strings from a given array of translations, where every translation is indexed by its ISO 639 code. A new configuration option ('language' -> 'priorities') is available too to control the alternative languages that can be used instead of a given language, when the latter is not found. The filter returns null when no suitable translation is found, so that it can be combined with "default()" to set a default translation for a given string.

This reverts commit 0917046c.

This reverts commit 1218f38a.

When we are invoked from an outside application, SimpleSAMLphp cannot use 'baseurlpath' and in that case it tries to guess the current URL. The port was always added, even if the default port was used, leading to possible issues when comparing URLs that should actually be equivalent.

This resolves #696.

SAML2-SP: Making the AuthnInstant available in the state array

getIdpMetadata: add more debug logging

Sometimes there are issues with the metadata itself (e.g metadata
expired). These issues cannot be easily determined, due to the
Exception messages being dropped. In these cases, the current 'not
found' message can be ambiguous.

Fixes #700

Making the AuthnInstant available in the state array as saml:AuthnInstant and adding that to PersistentAuthData

Allow CLI invocation of Cron

This resolves #695.

In order to fix this, we first sanitize any URL given to SimpleSAML\Utils\HTTP::checkURLAllowed() so that we make sure we have a true URL without spurious characters. Secondly, we stop using an "onload" event in the body of the redirect page to trigger the redirect automatically. Instead, we use a "meta refresh" redirection.

This double remediation is because there were two issues here: one, we were printing user input inside a chunk of javascript code. The other exploits the fact that the header() function silently breaks when a null character is part of the URL given to a "Location" header. In that case, the HTTP 302 Redirection doesn't happen, and then the browser loads the HTML and goes through it, running the injected javascript.

This fixes #699.

Correct Redis store port argument string