improve handling of #WithComments

[toby-jn]

I had some issues with gosaml2 when the IdP was using the http://www.w3.org/2001/10/xml-exc-c14n#WithComments canonicalization algorithm. According to the SAML 2.0 spec:

SAML implementations SHOULD use Exclusive Canonicalization, with or without comments

So these should be handled by goxmldsig in order to support SAML correctly.

I also noticed that the existing canonicalization algorithms were not removing comments when transforming the XML in the cases that didn't have #WithComments.

This change extends the existing canonicalizers to include a comments flag, which will strip comments if not set, and adds additional AlgorithmIDs for each of the #WithComments variants.

[toby-jn]

Hi @russellhaering any chance this could be considered for merge?

[gerritmaritz]

+1 Also facing issues with an IdP that is using the WithComments variant. I see there is another PR open so this is probably affecting several consumers: #74

[sahnib]

+1. Facing similar issues for IdP using WithComments variant.

[simonbrynych]

@russellhaering this PR seems good to me and it's definitely worth merging it. I'm struggling withComments too.

[tomstaijen]

+1

[lejeuneretif]

+1 That would help a ton of people.

[CoryBond]

+1

[alolita]

@russellhaering please let us know how we can help you merge this PR? We are blocked on using this library and would greatly appreciate a response from you. Thanks in advance.

[russellhaering]

Thanks for your work on this, sorry it has taken me so (very) long to get around to looking at it!

[toby-jn]

no problem, thanks for taking the time to look 🙏