Issue #1909142 by xamanu: Fixed Basic sreg values for nickname and email will be ignored by relying party (openid core module).

Conflicts:
	openid_provider.inc
	openid_provider.module

Conflicts:
	openid_provider.inc

1441586 by David_Rothstein: properly sign nickname and email since we send them out in auth_response

This reverts commit 36e69583.

This code is used by third-party modules, see #1471324

we then stop deleting them in save, and correctly load only the non-expired ones when verifying

we were using an undefined value

while we're here, improve debugging

this invalidates shared associations in verification responses

to prompt the user

requets

this may make some authentication requests fail as we now validate
association requests

this completes the implementation of 10.1... i think :)

Conflicts:

	openid_provider.inc

this is actually useful on D6 too, as we remove warnings

we add openid.ns fields in responses that were missing some and
clarify error messages

we try to association functions with standard items

we notice a lot of functions that are not called anywhere or not
implemented properly

this is faster because we do not have to build this huge form and send
it to the client.

this works because we are setting the nonce properly now

this will lead to undefined results on a lot of RP that do not
tolerate well duplicate data between POST and GET. Perl's CGI module
is one of those. this commit therefore completely fixes logins with
ikiwiki (#1158356).

section 9.1 states that "Note: The return_to URL MAY be used as a
mechanism for the Relying Party to attach context about the
authentication request to the authentication response." I am
interpreting this as "the OP SHOULD disregard the context within the
return_to URL".

with this commit, all RP I could test (Redmine, Ikiwiki, Stackoverflow
and Drupal 6) work without a flaw, with HTTP or form redirection. I
stay with form redirection for now to not mix things but this can be
optimized later.

this is a procedure from the standard (section 10) that was missing
from our implementation

to implement this, we refactor the association creation in a separate
function that is now used in the authentication response

this partly fixes logins with ikiwiki's Perl modules (#1158356), but
will probably make the implementation private associations (#506530)
easier.

we do this by cleaning up the generated form to make sure we only send data that ruby expects.

for some reason we were adding stuff to the response here, this should be done outside of the function, and we now do so in openid_provider_unsolicited_assertion()

Only D7's core function works properly.

This reverts commit 63b58373.