Add per-SP option to verify SAML authn signatures
If processing the request/response fails due to a missing signature
the per-SP option is set as a hint for processing and the message
re-processed.
The hint cannot be set in advance because the providerId of the
remote entity is embedded in the message so needs to be processed
so we know who they are representing.
https://fedorahosted.org/ipsilon/ticket/173
Signed-off-by: Rob Crittenden <rcritten@redhat.com>