v0.3.0

Significant changes, primarily around preventing replay attacks:

• Check validity of NotBefore and NotOnOrAfter elements in assertions -- #35, #38
  • Note that this is on by default, so is a potentially breaking change.
• Optionally, check inResponseTo ids to make sure each response matches a request, and that there is only one response to any request -- #37
• Require latest xml-crypto, and stop monkey-patching xml-crypto
• Documentation fix #39