Code cleanup: SamlSPAuth::login, IdP properties, saml_sp__get_metadata(), unused variables

Problem/Motivation

I was messing around with phpcs and phpstan while trying to figure out a way forward on #3118296: Add extra fields to config and found a bunch of little problems:

1. We were returning a render array from SamlSPAuth::login(), and its parent only allows string or null.
2. We were testing to make sure we got arrays back from Idp::getAuthnContextClassRef() and Idp::getX509Cert when it’s impossible not to.
3. We were not correctly checking for errors when generating metadata for the SamlSpConfig form.
4. We had several unused variables in addition to the ones eliminated by fixing the stuff above.

Proposed resolution

MR fixes most of those, hopefully without breaking anything.

I also disabled the D12 checks in .gitlab-ci.yml until we’re actually ready to start testing against D12.

Remaining tasks

• I did not fix the unused variables in the parts of saml_sp_drupal_login.module that are likely to be removed in the course of finishing #3118296: Add extra fields to config.
• I did not do anything about unused $acsUrl in SamlSPMetadata.php.
• I did not remove $_POST from saml_sp__is_valid_authentication_response() because that whole function is deprecated.
• SamlSPDrupalLoginController.php tests for !empty($allowlist) even though phpstan says that’s always going to succeed, and I don’t have SecKit set up on any of my sites right now to verify either way.