fix(saml): Push AuthenticationSucceededOnApplication milestone for SAML sessions (#10263)

# Which Problems Are Solved

The SAML session (v2 login) currently does not push a
`AuthenticationSucceededOnApplication` milestone upon successful SAML
login for the first time. The changes in this PR address this issue.

# How the Problems Are Solved

Add a new function to set the appropriate milestone, and call this
function after a successful SAML request.

# Additional Changes

N/A

# Additional Context

- Closes #9592

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>

internal/command/milestone.go

@@ -133,6 +133,30 @@ func (s *OIDCSessionEvents) SetMilestones(ctx context.Context, clientID string,
 	return postCommit, nil
 }
 
+func (s *SAMLSessionEvents) SetMilestones(ctx context.Context) (postCommit func(ctx context.Context), err error) {
+	postCommit = func(ctx context.Context) {}
+	milestones, err := s.commands.GetMilestonesReached(ctx)
+	if err != nil {
+		return postCommit, err
+	}
+
+	instance := authz.GetInstance(ctx)
+	aggregate := milestone.NewAggregate(ctx)
+	var invalidate bool
+	if !milestones.AuthenticationSucceededOnInstance {
+		s.events = append(s.events, milestone.NewReachedEvent(ctx, aggregate, milestone.AuthenticationSucceededOnInstance))
+		invalidate = true
+	}
+	if !milestones.AuthenticationSucceededOnApplication {
+		s.events = append(s.events, milestone.NewReachedEvent(ctx, aggregate, milestone.AuthenticationSucceededOnApplication))
+		invalidate = true
+	}
+	if invalidate {
+		postCommit = s.commands.invalidateMilestoneCachePostCommit(instance.InstanceID())
+	}
+	return postCommit, nil
+}
+
 func (c *Commands) projectCreatedMilestone(ctx context.Context, cmds *[]eventstore.Command) (postCommit func(ctx context.Context), err error) {
 	postCommit = func(ctx context.Context) {}
 	if isSystemUser(ctx) {