Use new features for risk and returnUrl

[PeterOrneholm]

Is your feature request related to a problem? Please describe.
In #453 / #454 we implemented the new properties for risk and returnUrl, they can now be used by the core package to enhance the security in the flow.

Describe the solution you'd like

• Set returnRisk to true for all requests so that the one implementing Active Login can act on the risk level
• Allow for the risk on the Requirement to be set for both auth and sign
• Set the returnUrl withn a nonce that we keep in our state cookie and then verify it on return

[elinohlsson]

This last part of this issue about the return url, is available in the pre-release v11.1.0-rc1. See the release notes for details.

The feature will also be included in the next stable release.

[elinohlsson]

✅ This feature is now available in the stable release v11.1.0.
See the release notes for details.

I will now close this issue.