[Proposal] Add Authn Request arguments in context.state

[peppelinux]

I could be wrong, so forgive me eventually!

Using Saml2Saml I found that SATOSA does not check the consistency between in_response_to and the identifier of the original Authn Request. Specifically, in satosa.frontends.saml2.SAMLFrontend._handle_authn_request, here:

SATOSA/src/satosa/frontends/saml2.py

Line 207 in 473bf95

context.state[self.name] = self._create_state_data(context, idp.response_args(authn_req),

we do not carry with us any attributes related to the authentication request, which instead could be useful in the authn_response method, within which we could carry out various consistency checks.

I give an example. If we, after

SATOSA/src/satosa/frontends/saml2.py

Line 207 in 473bf95

context.state[self.name] = self._create_state_data(context, idp.response_args(authn_req),

, value, for example

context.state ['req_args'] = {'id': authn_req.id}

This would allow us to get a check on the in_response_to value in the authn_response method.
This approach I made here:
italia/Satosa-Saml2Spid@e72ad20#diff-003c65e5c4d89f24821f8a6a35d9b75ce5ea60424cd58cff14cebb58ee783327R319

Where I needed to check that the "in_response_to" replied by the-evil-idp would have been checked with the originated authentication request id, here:
https://github.com/peppelinux/Satosa-Saml2Spid/blob/e72ad2086027d718ee5724fe74079ad13fd0eae3/example/backends/spidsaml2_validator.py#L38

Overall, with this approach, I manage to get this useful exception

  File "./backends/spidsaml2_validator.py", line 42, in validate_in_response_to
    raise Exception (f'In response To not valid: {self.in_response_to}! = {self.response.in_response_to} ')
Exception: In response To not valid: id-BeQddIJ1oYwE4VvMI! = Inresponsetodiversodaidrequest