SourceIPSelector: set defaultSource to null to throw NotFound-exception when none of the zones are matched

It gets quite fiddly to get this right. The actual metadata (hosted on
the `host` itself) is alreafy correct because the URL generator uses the
'current' entity metadata and current URL. The admin interface of course
presents all entities in one page and hence cannot rely on the current
URL. Therefore we need to override the url host for this specific
display case.

Closes: #1774

* Migrate to super-linter

* Fix css-linter errors

* Fix yaml-linter errors

* Remove unnecessary config

* Change order of the CI-workflow

* Bump nosborn

* Fix logout completion for SP

Reference parameters need to be explicitely marked as such in the arguments
array when using call_user_func_array().

Fixes the following exception:

SimpleSAML\Error\Exception: Warning - Parameter 1 to SimpleSAML\Auth\Source::completeLogout() expected to be a reference, value given at .../vendor/simplesamlphp/simplesamlphp/src/SimpleSAML/HTTP/RunnableResponse.php:72
Backtrace:
4 .../vendor/simplesamlphp/simplesamlphp/public/_include.php:86 (SimpleSAML_error_handler)
3 [builtin] (call_user_func_array)
2 .../vendor/simplesamlphp/simplesamlphp/src/SimpleSAML/HTTP/RunnableResponse.php:72 (SimpleSAML\HTTP\RunnableResponse::sendContent)
1 .../vendor/symfony/http-foundation/Response.php:394 (Symfony\Component\HttpFoundation\Response::send)
0 .../vendor/simplesamlphp/simplesamlphp/public/module.php:14 (N/A)

* Add note in changelog

---------

Co-authored-by: Tim van Dijen <tvdijen@gmail.com>

It seems with the addition of twig templates another way to process
these links (or other links) has been started but which is broken. The
original way still remains in the code. Make it clearer which links this
concerns by making the template variable more explicit and remove the
unused tabs code.

Closes: #1770

We accept AuthState via untrusted URL parameters. As a defense in
depth measure, validate that it conforms to our expected format
before we output it again in HTML, feed it to a database, use the
URL or do any further processing with it.

Closes: #1706

* Reset submit-button on back-button

* Fix back-button for test-authsource page for non SP-sources

* Update changelog

This does it in one place and avoids this module/template-specific thing
from ending up in the PHP metadata array for the entity.

Deal with this in multiauth and document that this is the case

* Migrate old www-script to controller

* Add unit test

It yielded a yaml syntax error

* Reinstate url-based authentication

* Add some unit tests

* Fix legacy url

* Fix typo

* Drop code related to legacy discojuice-module

Closes: #1759