strftime is deprecated and will be removed in PHP 9. SSP 2.0 is our
chance to change this format as it's exposed to installers of SSP.

The approch is to keep it simple and just change the format to PHP's
built in date() function which remains supported. Also we do not try
to localize the logging date/timestamps anymore. This matches the syslog
approach that this format tried to mimic. We are using the day without
leading zeroes now also to be a bit closer to how syslog does it.

* Allows custom logging handler on the console

This is useful for reducing noise during tests

Co-authored-by: Tim van Dijen <tvdijen@gmail.com>

Convert to our wrapper class for assertions

* Migrate assertions to Webmozart

* Raise minimum PHP version to 7.0

* Remove tests pre-PHP 7.2

* Upgrade dev dependencies

* Ignore tests for deprecated class

* Add typehints; not touching public API

* Remove none-array replacements-param; old behaviour from pre-1.4 release

* Psalm fixes

* Add upgrade notes

* PSR-12

PSR-12 compliancy

This allows us to default to the error log, while also not breaking SSP completely. If we cannot initialize the logging handler, then we resort to the web servers log and log a critical error.

This resolves #1194

bugfix: Do not flush logs after creating a session handler, we might not have a track ID and therefore the log will be trashed.

The new `$initializing` property should signal that we are initializing the logging handler with a value of `true`, not the other way around. Also, it should only be set to `true` while we are actually initializing the logging handler.

If we reach this point, we're likely already logging the error somewhere else (i.e. the session handler in use), so there's no point on logging the exception's message again.

When we are logging something and the logger hasn't been initialized, the messages are deferred and flushed by a shutdown handler. However, when we initialize a session, we set the track ID in the logger, effectively initializing it with everything we need. When we log something and then load the session (or create it), any subsequent logs will be dumped, but the deferred logs will wait until shutdown, changing the order in which they were emitted.

This patch makes sure we flush the deferred logs as soon as we have a track ID (can either be set manually or by, most typically, loading a session). That way, we get those logs out as soon as we can, and subsequent logs entries will be dumped afterwards, keeping their relative order.

This closes #1107

Fixes edge-case https://github.com/simplesamlphp/simplesamlphp/issues/741 where application has one of the known LoggingHandlers' name as a defined class

bugfix: Make sure SimpleSAML_Session::getSessionFromRequest() always raises an exception when a transient session is used due to a misconfiguration or a temporary failure fetching an existing session.

Transient sessions are just an exceptional event, and they shouldn't be treated as regular sessions. Therefore, if we are trying to get the current session and end up with a transient one, that's because an error occurred and we should raise an exception. Since exceptions due to secure cookies trying to be set via an insecure channel are likely to be misconfigurations, we treat them like that, raising a SimpleSAML\Error\CriticalConfigurationError.

Additionally, we capture exceptions in the SimpleSAML\Logger::flush() method, ensuring the error reported in #413 doesn't happen again.

This resolves #356.