* Fix missing state parameter

* Slightly rationalize naming convention for selectors

* Add RequestedAuthnContextSelector

* Allow source-selector to return multiple sources

* Fix docs

* Revert return-type change

* Throw exception for incomplete config

* Remove test-data for non-implemented cases

* Codesniffer fix

* Move www > public

* Remove local assets

* Import remotely generated assets

* Update files to reflect www > public move

* Update upgrade notes

* Make assets-filter aware of new assets-location

* Update test-framework

* Exclude generated assets from code sniffer

- Fix several bugs to make it actually work.
- Simplify code a lot.
- Move presentation concerns to the template and use standard
  functionaliy for translation.

A small change needed to be made in the name of the css_class
setting (previously css-class) in the name of simplicity.

The old format has been replaced with a new format in SSP 1.9. The new format makes sense and it's now time to stop supporting the legacy format.

Previously, (just) a warning would be logged as
"Error 2 - something"
"Error 8192 - use of thing is deprecated"

Now this is logged as
"Warning - something"
"Deprecated - use of thing is deprecated"

This should avoid red herrings when debugging an issue when e.g. a
warning, notice or even deprecation notice looks like its an
actual error while it's not.

Clarify https and baseurlpath even more.

Also mention under logging how this relates to loggingdir above.

It's just a module now.

This was a mixture of legacy supported options, some of them
deprecated, and data types, and also implemented differently
in some places than others.

This changes it once more but hopefully for the better:
* The value is always an array or null/unset.
* You can set it to a specific array to get a specific policy.
* You can leave it unset/null to keep the default policy.
* You can set it to the empty array to signal that you do not
want any policy to be sent.
* The string and bool types are no longer allowed.

All in all this means that we can make code much simpler, a lot
less if-branching, and also typewise make use of correct typehints.

The behaviour changes are as follows:
- We drop the already deprecated option to set it as a string
  (deprecated in 1.17).
- To not send the element you need to change false to [];
  this was not deprecated before but I believe setting it to
  false was already broken in master.

* Handle null value the same as unset

* Fix tests

* Remove obsolete if-statement

- Import SimpleSAML\Session twice case warnings.
- Remove other unused imports.

Bumps [json5](https://github.com/json5/json5) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v2.2.0...v2.2.3

)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove unused imports

* Extract child instruction and lower complexity

Add extra optional header template. This allows people to add extra header-lines without needing to override the base.twig template completely by creating _head.twig with their own meta/css/... lines. If the template is missing nothing is added.