feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979)

# Which Problems Are Solved

ZITADEL currently always uses
`urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` in SAML requests,
relying on the IdP to respect that flag and always return a peristent
nameid in order to be able to map the external user with an existing
user (idp link) in ZITADEL.
In case the IdP however returns a
`urn:oasis:names:tc:SAML:2.0:nameid-format:transient` (transient)
nameid, the attribute will differ between each request and it will not
be possible to match existing users.

# How the Problems Are Solved

This PR adds the following two options on SAML IdP:
- **nameIDFormat**: allows to set the nameid-format used in the SAML
Request
- **transientMappingAttributeName**: allows to set an attribute name,
which will be used instead of the nameid itself in case the returned
nameid-format is transient

# Additional Changes

To reduce impact on current installations, the `idp_templates6_saml`
table is altered with the two added columns by a setup job. New
installations will automatically get the table with the two columns
directly.
All idp unit tests are updated to use `expectEventstore` instead of the
deprecated `eventstoreExpect`.

# Additional Context

Closes #7483
Closes #7743

---------

Co-authored-by: peintnermax <max@caos.ch>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>

internal/static/i18n/bg.yaml

@@ -534,6 +534,7 @@ Errors:
     IDPMissing: IDP липсва в заявката
     IDPInvalid: IDP невалиден за заявката
     ResponseInvalid: Отговорът на IDP е невалиден
+    MissingSingleMappingAttribute: Не съдържа атрибута за съпоставяне или има повече от една стойност
     SuccessURLMissing: В заявката липсва URL адрес за успех
     FailureURLMissing: В заявката липсва URL адрес за грешка
     StateMissing: В заявката липсва параметър състояние

internal/static/i18n/cs.yaml

@@ -514,6 +514,7 @@ Errors:
     IDPMissing: V požadavku chybí IDP ID
     IDPInvalid: IDP je pro požadavek neplatné
     ResponseInvalid: Odpověď IDP je neplatná
+    MissingSingleMappingAttribute: Neobsahuje atribut mapování nebo má více než jednu hodnotu
     SuccessURLMissing: V požadavku chybí úspěšná URL
     FailureURLMissing: V požadavku chybí URL selhání
     StateMissing: V požadavku chybí parametr stavu

internal/static/i18n/de.yaml

@@ -516,6 +516,7 @@ Errors:
     IDPMissing: IDP ID fehlt im Request
     IDPInvalid: IDP ungültig für die Anfrage
     ResponseInvalid: IDP-Antwort ist ungültig
+    MissingSingleMappingAttribute: Enthält das Zuordnungsattribut nicht oder hat mehr als einen Wert
     SuccessURLMissing: Success URL fehlt im Request
     FailureURLMissing: Failure URL fehlt im Request
     StateMissing: State parameter fehlt im Request

internal/static/i18n/en.yaml

@@ -516,6 +516,7 @@ Errors:
     IDPMissing: IDP ID is missing in the request
     IDPInvalid: IDP invalid for the request
     ResponseInvalid: IDP response is invalid
+    MissingSingleMappingAttribute: IDP response does not contain the mapping attribute or has more than one value
     SuccessURLMissing: Success URL is missing in the request
     FailureURLMissing: Failure URL is missing in the request
     StateMissing: State parameter is missing in the request

internal/static/i18n/es.yaml

@@ -516,6 +516,7 @@ Errors:
     IDPMissing: Falta IDP en la solicitud
     IDPInvalid: IDP no válido para la solicitud
     ResponseInvalid: La respuesta del IDP no es válida
+    MissingSingleMappingAttribute: No contiene el atributo de asignación o tiene más de un valor
     SuccessURLMissing: Falta la URL de éxito en la solicitud
     FailureURLMissing: Falta la URL de error en la solicitud
     StateMissing: Falta un parámetro de estado en la solicitud

internal/static/i18n/fr.yaml

@@ -516,6 +516,7 @@ Errors:
     IDPMissing: IDP manquant dans la requête
     IDPInvalid: IDP non valide pour la demande
     ResponseInvalid: La réponse de l'IDP n'est pas valide
+    MissingSingleMappingAttribute: Ne contient pas l'attribut de mappage ou a plus d'une valeur
     SuccessURLMissing: Success URL absent de la requête
     FailureURLMissing: Failure URL absent de la requête
     StateMissing: Paramètre d'état manquant dans la requête

internal/static/i18n/it.yaml

@@ -516,6 +516,7 @@ Errors:
     IDPMissing: IDP mancante nella richiesta
     IDPInvalid: IDP non valido per la richiesta
     ResponseInvalid: La risposta dell'IDP non è valida
+    MissingSingleMappingAttribute: Non contiene l'attributo di mapping o ha più di un valore
     SuccessURLMissing: URL di successo mancante nella richiesta
     FailureURLMissing: URL di errore mancante nella richiesta
     StateMissing: parametro di stato mancante nella richiesta

internal/static/i18n/ja.yaml

@@ -505,6 +505,7 @@ Errors:
     IDPMissing: リクエストにIDP IDが含まれていません
     IDPInvalid: リクエストのIDPが無効
     ResponseInvalid: IDPの回答は無効
+    MissingSingleMappingAttribute: マッピング属性が含まれていない、または複数の値がある
     SuccessURLMissing: リクエストに成功時の URL がありません
     FailureURLMissing: リクエストに失敗の URL がありません
     StateMissing: リクエストに State パラメータがありません

internal/static/i18n/mk.yaml

@@ -515,6 +515,7 @@ Errors:
     IDPMissing: ID на IDP недостасува во барањето6bg
     IDPInvalid: ВРЛ неважечки за барањето
     ResponseInvalid: Одговорот на ВРЛ е неважечки
+    MissingSingleMappingAttribute: не го содржи атрибутот за мапирање или има повеќе од една вредност
     SuccessURLMissing: URL за успех недостасува во барањето
     FailureURLMissing: URL за неуспех недостасува во барањето
     StateMissing: Параметарот State недостасува во барањето

internal/static/i18n/nl.yaml

@@ -515,6 +515,7 @@ Errors:
     IDPMissing: IDP ID ontbreekt in het verzoek
     IDPInvalid: IDP ongeldig voor het verzoek
     ResponseInvalid: IDP respons is ongeldig
+    MissingSingleMappingAttribute: Bevat kenmerk toewijzing niet of heeft meer dan één waarde
     SuccessURLMissing: Success URL ontbreekt in het verzoek
     FailureURLMissing: Failure URL ontbreekt in het verzoek
     StateMissing: Staat parameter ontbreekt in het verzoek

internal/static/i18n/pl.yaml

@@ -516,6 +516,7 @@ Errors:
     IDPMissing: Brak identyfikatora IDP w żądaniu
     IDPInvalid: IDP nieprawidłowe dla żądania
     ResponseInvalid: Odpowiedź IDP jest nieprawidłowa
+    MissingSingleMappingAttribute: Nie zawiera atrybutu mapowania lub ma więcej niż jedną wartość
     SuccessURLMissing: Brak adresu URL powodzenia w żądaniu
     FailureURLMissing: Brak adresu URL niepowodzenia w żądaniu
     StateMissing: Brak parametru stanu w żądaniu

internal/static/i18n/pt.yaml

@@ -515,6 +515,7 @@ Errors:
     IDPMissing: O ID do IDP está faltando na solicitação
     IDPInvalid: IDP inválido para o pedido
     ResponseInvalid: A resposta da PDI é inválida
+    MissingSingleMappingAttribute: Não contém o atributo de mapeamento ou tem mais de um valor
     SuccessURLMissing: A URL de sucesso está faltando na solicitação
     FailureURLMissing: A URL de falha está faltando na solicitação
     StateMissing: O parâmetro de estado está faltando na solicitação

internal/static/i18n/ru.yaml

@@ -505,6 +505,7 @@ Errors:
       NoChallenge: Сеанс без вызова WebAuthN
   Intent:
     IDPMissing: В запросе отсутствует идентификатор IDP
+    MissingSingleMappingAttribute: Не содержит атрибут сопоставления или имеет более одного значения
     SuccessURLMissing: В запросе отсутствует URL-адрес успешного выполнения
     FailureURLMissing: В запросе отсутствует URL-адрес ошибки
     StateMissing: В запросе отсутствует параметр State

internal/static/i18n/zh.yaml

@@ -516,6 +516,7 @@ Errors:
     IDPMissing: 请求中缺少IDP ID
     IDPInvalid: 请求的 IDP 无效
     ResponseInvalid: IDP 响应无效
+    MissingSingleMappingAttribute: 不包含映射属性或具有多个值
     SuccessURLMissing: 请求中缺少成功URL
     FailureURLMissing: 请求中缺少失败的URL
     StateMissing: 请求中缺少状态参数