InAcademia backend fails to handle encrypted assertions even though SATOSA supports it. The issue is that in
https://github.com/SUNET/svs/blob/master/src/svs/inacademia_backend.py#L29, `auth_response` is still encrypted. The `translate()` method called right below handles the decryption successfully and modifies the `auth_response` object in place.

The obvious solution is to call `translate()` first:
```python
from satosa.backends.saml2 import SAMLBackend
from satosa.exception import SATOSAAuthenticationError


class InAcademiaBackend(SAMLBackend):  # class wrapper assumed for context
    def _translate_response(self, auth_response, state):
        # translate() will handle potentially encrypted SAML Assertions
        # auth_response object will also be modified (decrypted in place)
        internal_resp = super()._translate_response(auth_response, state)
        if 'eduPersonAffiliation' not in auth_response.ava:
            raise SATOSAAuthenticationError(state, 'Missing eduPersonAffiliation in response from IdP.')
        internal_resp.user_id = self._get_user_id(auth_response)
        if not internal_resp.user_id:
            raise SATOSAAuthenticationError(state, 'Failed to construct persistent user id from IdP response.')
        return internal_resp
```
The next issue is with `internal_resp.user_id = self._get_user_id(auth_response)`.

The `_get_user_id()` method attempts to read a unique identifier from either the SAML2 NameID or the eduPersonTargetedID / eduPersonPrincipalName attributes.

If the NameID or the eduPersonTargetedID is present, `internal_resp.user_id` or `internal_resp.name_id` will have been populated already in the translate method (well, SATOSA currently only handles eptid, but it will soon, IdentityPython/SATOSA#95, handle NameIDs too).

The method should be updated after the pull request has landed and been incorporated in SATOSA.
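As an added illustration (not code from SUNET/svs, SATOSA or pysaml2), the following Python models the ordering problem described in this issue and the identifier preference that `_get_user_id()` is meant to implement. `FakeAuthnResponse`, `satosa_translate`, `InternalData`, the toy XOR "encryption" and the sample payload are all constructed stand-ins: the attribute dictionary `ava` and `name_id` stay empty until the in-place decryption runs, so checking `ava` before `translate()` always fails on an encrypted assertion. The user-id lookup also refuses a transient NameID, since that is not a persistent identifier.

```python
import json

NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"


class SATOSAAuthenticationError(Exception):
    """Local stand-in for satosa.exception.SATOSAAuthenticationError."""
    def __init__(self, state, message):
        super().__init__(message)
        self.state = state


def _xor(data, key):
    # Toy symmetric transform used for the constructed "encrypted assertion".
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypt_assertion(payload, key):
    """Constructed helper: JSON payload -> toy ciphertext (not XMLEnc)."""
    return _xor(json.dumps(payload).encode(), key)


class FakeAuthnResponse:
    """Stand-in for pysaml2's AuthnResponse. Before decryption, .ava is empty
    and .name_id is None, which is the state inacademia_backend.py inspects."""
    def __init__(self, encrypted_assertion, key):
        self._encrypted = encrypted_assertion
        self._key = key
        self.ava = {}
        self.name_id = None
        self.name_id_format = None

    def decrypt_assertion(self):
        payload = json.loads(_xor(self._encrypted, self._key).decode())
        self.ava = payload["ava"]
        self.name_id = payload.get("name_id")
        self.name_id_format = payload.get("name_id_format")


class InternalData:
    """Stand-in for SATOSA's internal response object."""
    def __init__(self, attributes):
        self.attributes = attributes
        self.user_id = None


def satosa_translate(auth_response, state):
    """Models SAMLBackend._translate_response: decrypt in place, then copy
    attributes; only eduPersonTargetedID populates user_id at this stage."""
    auth_response.decrypt_assertion()
    internal = InternalData(dict(auth_response.ava))
    eptid = auth_response.ava.get("eduPersonTargetedID")
    if eptid:
        internal.user_id = eptid[0]
    return internal


def get_user_id(auth_response):
    """Preference order: persistent NameID, then eptid, then eppn.
    A transient NameID must not be used as a persistent user id."""
    if auth_response.name_id and auth_response.name_id_format == NAMEID_PERSISTENT:
        return auth_response.name_id
    for attr in ("eduPersonTargetedID", "eduPersonPrincipalName"):
        values = auth_response.ava.get(attr)
        if values:
            return values[0]
    return None


def translate_response_original_order(auth_response, state):
    """Reported ordering: attributes checked before translate() decrypted them."""
    if "eduPersonAffiliation" not in auth_response.ava:
        raise SATOSAAuthenticationError(state, "Missing eduPersonAffiliation in response from IdP.")
    return satosa_translate(auth_response, state)


def translate_response_fixed_order(auth_response, state):
    """Proposed ordering: translate first, then validate decrypted attributes."""
    internal = satosa_translate(auth_response, state)
    if "eduPersonAffiliation" not in auth_response.ava:
        raise SATOSAAuthenticationError(state, "Missing eduPersonAffiliation in response from IdP.")
    internal.user_id = get_user_id(auth_response)
    if not internal.user_id:
        raise SATOSAAuthenticationError(state, "Failed to construct persistent user id from IdP response.")
    return internal


def demo():
    """Runs both orderings on the same constructed, encrypted response."""
    key = b"constructed-demo-key"
    payload = {  # constructed sample: transient NameID, no eptid, eppn present
        "ava": {"eduPersonAffiliation": ["student"],
                "eduPersonPrincipalName": ["alice@example.edu"]},
        "name_id": "_a1b2c3transient",
        "name_id_format": NAMEID_TRANSIENT,
    }
    results = {}
    try:
        translate_response_original_order(FakeAuthnResponse(encrypt_assertion(payload, key), key), None)
        results["original_order"] = "ok"
    except SATOSAAuthenticationError as exc:
        results["original_order"] = str(exc)
    internal = translate_response_fixed_order(FakeAuthnResponse(encrypt_assertion(payload, key), key), None)
    results["fixed_order"] = internal.user_id
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the original ordering rejecting a perfectly valid encrypted response with "Missing eduPersonAffiliation", while the translate-first ordering succeeds and, because the NameID is transient and no eptid is present, falls through to eduPersonPrincipalName for the user id.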