[BUG] Ordering of statements is wrong in example controller.xq

In the README.md an example controller.xq file is given here, that follows the basic ordering of checks:

if no valid token, redirect to SAML auth

if (exsaml:is-enabled() and not(exsaml:check-valid-saml-token()))

if logout, invalidate SAML token
```
else if ($exist:path = '/logout')
```
handle SP endpoint to process SAML response in HTTP POST
```
else if($exist:path = "/SAML2SP")
```
else, your controller code...

Unfortunately, this is the wrong ordering of checks. If the above is followed, a never-ending loop occurs between the SP and IdP (via the User Agent).

To explain the never ending loop:

The SP (eXist-db) receives a HTTP request from the User Agent and fires the controller.xql.
The check at position 1 of the controller.xql(above) causes the initial redirect of the User Agent from the SP to the IdP (e.g. Microsoft Azure).
IdP authenticates the User Agent and provides them with an HTML Form that will HTTP POST the SAML Response to the SP.
User Agent submits the HTML Form, and thus HTTP POST's the SAML Response to the SP.
The SP receives the HTTP POST and fires the controller.xql
The The check at position 1 of the controller.xql(above) AGAIN causes a redirect of the User Agent from the SP to the IdP (e.g. Microsoft Azure)... And so we go back to Step 1...

The example controller.xql in the README.md file is incorrect and needs to be refactored so that checks (1) and (3) of the controller.xq (at the top of this issue) are swapped. Ideally further checks should also be added to differentiate between HTTP GET and POST requests and the action that should be taken.

eXist-db / existdb-saml

[BUG] Ordering of statements is wrong in example controller.xq #13