According to some SAML specifications (4.1.4.3 in SAMLProf and 6.4.2 in SAMLSec), the specs say that a Service Provider MUST check the Recipient attribute of the SAML response. However, there doesn't seem to be any logic for validation in this library.
IMO, Audience validation may suffice in the majority of cases, but I think it is desirable to validate Recipient because there is a clear difference in the specifications between them.
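To illustrate the difference between the two checks, here is an added example (not part of the original post and not this library's code): Audience is compared with the SP's entity ID, while the bearer `Recipient` is compared with the assertion consumer service URL the response was delivered to. The function name, URLs and sample assertion are constructed for illustration, and signature verification is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion (not from a real IdP); signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def validate_destination_claims(assertion_xml, sp_entity_id, acs_url):
    """Hypothetical helper: return a list of errors (empty means both pass)."""
    # For untrusted input, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(assertion_xml)
    errors = []

    # Audience: every AudienceRestriction must list this SP's entity ID.
    restrictions = root.findall("saml:Conditions/saml:AudienceRestriction", NS)
    audience_ok = bool(restrictions) and all(
        sp_entity_id in [(a.text or "").strip()
                         for a in r.findall("saml:Audience", NS)]
        for r in restrictions
    )
    if not audience_ok:
        errors.append("audience mismatch")

    # Recipient: a bearer confirmation must name the ACS URL that received it.
    recipients = [
        data.get("Recipient")
        for conf in root.findall("saml:Subject/saml:SubjectConfirmation", NS)
        if conf.get("Method") == BEARER
        for data in conf.findall("saml:SubjectConfirmationData", NS)
    ]
    if acs_url not in recipients:
        errors.append("recipient mismatch")
    return errors
```

An assertion delivered to a different endpoint of the same SP passes the Audience check but fails the Recipient check, which is the case Audience validation alone does not cover.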