Allow Signature validation of both the Response XML as well as the Assertion within

[vikramraja1995]

Currently when signature validation is enabled, if either the response or the assertion is correctly signed, then it is marked as valid. This request is to have the option to verify that both the response as well as the assertion are correctly signed.

[ahacker1-securesaml]

We don't mark saml responses as valid in ruby-saml.

Our approach is to verify any signature and then only process the contents it covers.

Using this approach we don't have to worry about whether response or assertion is signed. By only processing signed contents we are secure.

For example, if response is signed, the signed data would be a response element with its assertions. No need to verify any other signature