Clean up CONTRIBUTING: remove credits (outdated, mentioned elswehere) and remove info already in SECURITY.md

* Migrate old www-script to controller

* Add unit test

* Split-off Psalm for the testsuite; we can be more lenient here (errorLevel=5)

* Fix some reported issues

* Fail on error

It yielded a yaml syntax error

* Reinstate url-based authentication

* Add some unit tests

* Fix legacy url

* Fix typo

* Drop code related to legacy discojuice-module

Closes: #1759

Co-authored-by: Marko Ivančić <marko.ivancic@srce.hr>

The endpoint-change was made backwards-compatible

They only serve purpose in Github Actions

* fix: tarball extracted in current directory

* Cleanup composer-file

---------

Co-authored-by: Tim van Dijen <tvdijen@gmail.com>

It is quite fine if e.g. a theme does not have its own locales dir.
The exception is already caught, so the application does not actually
stop. So, notice it but do not raise high alarms.

* Fix missing state parameter

* Slightly rationalize naming convention for selectors

* Add RequestedAuthnContextSelector

* Allow source-selector to return multiple sources

* Fix docs

* Revert return-type change

* Throw exception for incomplete config

* Remove test-data for non-implemented cases

* Codesniffer fix

* Move www > public

* Remove local assets

* Import remotely generated assets

* Update files to reflect www > public move

* Update upgrade notes

* Make assets-filter aware of new assets-location

* Update test-framework

* Exclude generated assets from code sniffer