The old privatekey_pass was (wrongly) expected to be reused for the new
privatekey_pass. That prevented my SP from loading the new_privatekey.
Users could not log in from entities using the new key.

Clarify that the new key needs a new_privatekey_pass entry.

Co-authored-by: Marko Ivančić <marko.ivancic@srce.hr>

* Conform SAML2INT; check AuthnRequest signature unless specifically disabled

* Migrate email utils to non-static

* Migrate http utils to non-static

* Migrate net utils to non-static

* Migrate random utils to non-static

* Migrate system utils to non-static

* Migrate time utils to non-static

* Migrate xml utils to non-static

* Upgrade notes

* Update test-framework

* Fix tests

* Migrate array utils to non-static

* Migrate attribute utils to non-static

* Migrate auth utils to non-static

* Migrate config utils to non-static

* Migrate crypto utils to non-static

* Raise coverage

* Fix rebase issue

Closes: #1430

This would otherwise terminate win an error because checkURLAllowed
does not accept a null parameter.

When looking up the IdP to authenticate, the try/catch block would
swallow the more specific exceptions that are generated and display
them all as a single 'not found' exception. This means that the
more specific "Metadata not found" exception page was never rendered,
or also the "Metadata expired" exception not displayed. We don't
need the try/catch here, instead can rely on the exceptions that this
call will generate by itself.

Improve error handling

* Configurable ProviderName

Co-authored-by: Tim van Dijen <tvdijen@gmail.com>

Closes #1346

Convert to our wrapper class for assertions

Fix several bugs in saml:NameIDAttribute authproc filter & raise coverage

fix_createLogoutTable_method