Return response' "InResponseTo" field from validation

[Philonous]

This PR adds support for InResponseTo in Response elements

• Adds field inResponseTo to Result type
• Changes the type of the validateResponse function to return it together with the validated assertion
• Should (or rather, MUST) be matched to request IDs, also depending on if unsolicited assertions are allowed.

According to saml-core [1]:

InResponseTo [Optional]
A reference to the identifier of the request to which the response corresponds, if any. If the response
is not generated in response to a request, or if the ID attribute value of a request cannot be
determined (for example, the request is malformed), then this attribute MUST NOT be present.
Otherwise, it MUST be present and its value MUST match the value of the corresponding request's
ID attribute.

Also compare this stack exchange post [2] which argues that this value should be validated

I don't think this validation has to happen within this library, but it should be returned so that callers of the library can implement it themselves, similar to how checks for duplicate assertionId are left as an exercise to the reader 😅

• [1] https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38
• [2] https://security.stackexchange.com/questions/42354/do-i-have-to-validate-saml2-inresponseto

Checklist

• All definitions are documented with Haddock-style comments.
• All exported definitions have @since annotations.
• The changelog has been updated.

[Philonous]

Fixed the failing tests

[mbg]

Thank you for adding support for this! I agree that it is probably sensible to support this and validate the tag whenever possible.

I have commented on a few bits with some suggestions, which I hope make sense. Let me know what you think.

[Philonous]

I think I've addressed all the comments in new requests and I've re-based the PR onto master.

[mbg]

Looks good, thank you! Just a few minor points to change before this can be merged.

[mbg]

@Philonous I made the few last changes, rebased this, and merged it. Thank you for again your work on this! 😄