Problem/Motivation

The module already supports storing SP private key, SP certificate, and
IdP certificate(s) via the Key module using a key:<key-entity-id> prefix in configuration.
This allows environment-specific or secret-backed values (for example via the Key module’s Environment provider) without
storing secrets in the database or exported configuration.

The three IdP string settings — IdP Entity ID, Single Sign-On Service URL, and Single Logout Service URL —
are still plain text only. Sites that need different IdP endpoints per environment (dev / QA / prod) must either manage these
in settings.php overrides, use config split, or accept the same values everywhere. There is no way to reference
a Key entity for these fields.

Steps to reproduce

  1. Go to /admin/config/people/saml/saml and open the Identity Provider section.
  2. Observe that the IdP Entity ID, Single Sign-On Service URL, and Single Logout Service URL fields only accept plain text values,
    unlike the certificate fields and the similar “Service Provider” section, which support the key: prefix via the Key module.

Proposed resolution

  1. Runtime resolution
    In SamlService::reformatConfig(), resolve idp_entity_id,
    idp_single_sign_on_service, and idp_single_log_out_service through a new helper
    (for example resolveKeyValue()) when the stored value has a key: prefix, using the existing
    Key repository. Values without the prefix are returned unchanged so current configurations keep working.
  2. Configuration form
    In the SAML configuration form (Identity Provider section), replace the single text/URL fields for these three settings with
    the same pattern used for IdP certificates:
    • A “Type of values” selector: Key storage vs Configuration (plain text).
    • When “Key storage” is selected: a Key entity dropdown for each of the three fields.
    • When “Configuration (plain text)” is selected: the existing text/URL inputs.
    • On save, store either key:<key-entity-id> or the plain value; on load, parse the prefix and populate the correct widget.

    This reuses the module’s existing key: pattern and does not change the configuration schema or other behavior.
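As an added illustration of the runtime-resolution step (item 1 above), not code from the patch or the module: a standalone helper in the shape of the proposed resolveKeyValue(), using the Key module's real KeyRepositoryInterface::getKey() and KeyInterface::getKeyValue(). It passes plain values through untouched and fails loudly on an unknown or empty key so a misconfigured environment never sends users to an endpoint literally named "key:...". The config name samlauth.authentication and the foreach at the bottom are assumed usage.

```php
<?php

use Drupal\key\KeyRepositoryInterface;

/**
 * Resolves a samlauth setting that may reference a Key entity.
 *
 * Hypothetical helper mirroring the proposed resolveKeyValue(); not the
 * module's own code.
 *
 * @param string|null $value
 *   Raw config value: a plain string or "key:<key-entity-id>".
 * @param \Drupal\key\KeyRepositoryInterface $key_repository
 *   The Key module's repository service ("key.repository").
 * @param string $setting
 *   Config key name, used only in error messages.
 *
 * @return string|null
 *   The resolved value, or the original value when it has no key: prefix.
 *
 * @throws \RuntimeException
 *   When the referenced Key entity is missing or resolves to an empty value.
 */
function resolveKeyValue(?string $value, KeyRepositoryInterface $key_repository, string $setting): ?string {
  // Empty and plain values pass through unchanged (backward compatible).
  if ($value === NULL || strncmp($value, 'key:', 4) !== 0) {
    return $value;
  }
  $key_id = substr($value, 4);
  $key = $key_repository->getKey($key_id);
  if ($key === NULL) {
    throw new \RuntimeException(sprintf("Setting '%s' references unknown key '%s'.", $setting, $key_id));
  }
  // getKeyValue() fetches from the key's provider (e.g. an environment variable).
  $resolved = trim((string) $key->getKeyValue());
  if ($resolved === '') {
    throw new \RuntimeException(sprintf("Key '%s' for setting '%s' resolved to an empty value.", $key_id, $setting));
  }
  return $resolved;
}

// Assumed usage inside reformatConfig(); $config is the samlauth.authentication settings array.
$config = \Drupal::config('samlauth.authentication')->get();
foreach (['idp_entity_id', 'idp_single_sign_on_service', 'idp_single_log_out_service'] as $setting) {
  $config[$setting] = resolveKeyValue($config[$setting] ?? NULL, \Drupal::service('key.repository'), $setting);
}
```

Throwing rather than falling back to the literal string makes a missing environment variable show up in the log on the first login attempt instead of as a silent redirect to a bogus URL.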

Benefits

  • IdP entity ID and SSO/SLO URLs can be driven by environment variables or other Key providers (for example vault),
    so dev/QA/prod can differ without config exports or manual UI changes.
  • Aligns IdP string settings with how SP key, SP cert, and IdP certs already work.
  • Backward compatible: existing plain-text values continue to work.

Version

8.x-3.x (patch produced against 8.x-3.13).

How to test

  1. Install samlauth and the Key module; apply the patch.
  2. In Configuration → SAML authentication, open the Identity Provider section.
  3. Confirm a “Type of values to save for the IdP endpoint fields” selector with options
    Key storage and Configuration (plain text).
  4. With Key storage selected, confirm three Key dropdowns (IdP Entity ID, SSO URL, SLO URL); with
    Configuration (plain text) selected, confirm the three text/URL fields.
  5. Create Key entities (for example using the Environment provider) for IdP entity ID and SSO/SLO URLs; select them, save,
    and verify SAML login still works.
  6. Switch one field to plain text, save, and confirm the value is stored and used without the key: prefix.

Comments

varunity created an issue.