Enforce valid setting for validateInResponseTo

[adamandreasson]

Description

This PR addresses the potential security vulnerability I raised in the passport-saml repo here: node-saml/passport-saml#874

• Enforce only valid settings are passed to validateInResponseTo and throw an error if any other value is passed
• Added tests for the new enforcement

A separate PR will be submitted in the passport-saml repo that updates the documentation to reflect these changes.

[codecov]

Codecov Report

Merging #314 (ab9fe53) into master (58495fe) will increase coverage by 0.04%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #314      +/-   ##
==========================================
+ Coverage   81.49%   81.54%   +0.04%     
==========================================
  Files          11       11              
  Lines         816      818       +2     
  Branches      252      253       +1     
==========================================
+ Hits          665      667       +2     
  Misses         63       63              
  Partials       88       88              

Files Changed	Coverage Δ
src/saml.ts	78.32% <100.00%> (+0.07%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[cjbarth]

I'd like to see another PR that sets the default to the more secure always.