Refine error reporting for identity assertion

[dontcallmedom]

Raised by @stefhak

From https://lists.w3.org/Archives/Public/public-webrtc/2016Sep/0071.html

"A single error for all the intros that can go wrong in generating a identity assertions is not enough. Need to be able to separate all the different types of errors."

and

"Need ways to report errors of checking identity assertions"

[dontcallmedom]

Comment by @ekr

There are a huge pile of IDP errors already defined:

idp-bad-script-failure | The script loaded from the identity provider is not valid                 JavaScript or did not implement the correct interfaces.
-- | --
idp-execution-failure | The identity provider has thrown an exception or                 returned a rejected promise.
idp-load-failure | Loading of the IdP URI has failed. The                 httpRequestStatusCode attribute is                 set to the HTTP status code of the response.
idp-need-login | The identity provider requires the user to login. The                 idpLoginUrl attribute is set to the URL that                 can be used to login.
idp-timeout | The IdP timer has expired.
idp-tls-failure | The TLS certificate used for the IdP HTTPS connection                 is not trusted.
idp-token-expired | The IdP token has expired.
idp-token-invalid

I think this can be closed.