feat(saml): add SignatureMethod config for SAML IDP (#10520)

# Which Problems Are Solved
When a SAML IDP is created, the signing algorithm defaults to
`RSA-SHA1`.
This PR adds the functionality to configure the signing algorithm while
creating or updating a SAML IDP. When nothing is specified, `RSA-SHA1`
is the default.

Available options:
* RSA_SHA1
* RSA_SHA256
* RSA_SHA512

# How the Problems Are Solved

By introducing a new optional config to specify the Signing Algorithm.

# Additional Changes
N/A

# Additional Context
- Closes #9842

An existing bug in the UpdateSAMLProvider API will be fixed as a
followup in a different
[PR](https://github.com/zitadel/zitadel/pull/10557).

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
(cherry picked from commit 255d42da65)

internal/command/org_idp.go

@@ -1766,6 +1766,7 @@ func (c *Commands) prepareAddOrgSAMLProvider(a *org.Aggregate, writeModel *OrgSA
 					cert,
 					provider.Binding,
 					provider.WithSignedRequest,
+					provider.SignatureAlgorithm,
 					provider.NameIDFormat,
 					provider.TransientMappingAttributeName,
 					provider.FederatedLogoutEnabled,
@@ -1820,6 +1821,7 @@ func (c *Commands) prepareUpdateOrgSAMLProvider(a *org.Aggregate, writeModel *Or
 				c.idpConfigEncryption,
 				provider.Binding,
 				provider.WithSignedRequest,
+				provider.SignatureAlgorithm,
 				provider.NameIDFormat,
 				provider.TransientMappingAttributeName,
 				provider.FederatedLogoutEnabled,
@@ -1866,6 +1868,7 @@ func (c *Commands) prepareRegenerateOrgSAMLProviderCertificate(a *org.Aggregate,
 				c.idpConfigEncryption,
 				writeModel.Binding,
 				writeModel.WithSignedRequest,
+				writeModel.SignatureAlgorithm,
 				writeModel.NameIDFormat,
 				writeModel.TransientMappingAttributeName,
 				writeModel.FederatedLogoutEnabled,