Incomplete handling of `Conditions`

[Philonous]

To check the validity of an Assertion, we should also check AudienceRestrictions. (This doesn't seem to happen at the moment)

To quote [1] (lines 922 - 925)

Note that multiple elements MAY be included in a single assertion, and each MUST be evaluated independently. The effect of this requirement and the preceding definition is that within a given condition, the audiences form a disjunction (an "OR") while multiple conditions form a conjunction (an "AND").

As I understand it, this means:

• The Conditions can contain multiple (zero or more) <AudienceRestriction> elements
• Each AudienceRestriction can include multiple (one or more) Audience elements
• To validate an AudienceRestriction, we have to accept one of the Audiences in it (OR), but all of the AudienceRestrictions have be validated (AND)

I'll work on a PR

References:

• [1] https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=23

[Philonous]

• I don't think ProxyRestriction is relevant for wai-saml2 because we are not issuing our own assertions. It might be potentially useful for a user of the library, but I don't plan on implementing it, since I won't be needing it.
• I'm not sure what to make of OneTimeUse. wai-saml2 doesn't cache assertions, so I don't think we need to validate this condition. I won't implement this for now either