Django-digid-eherkenning

===================

* [58] Do not replace the entityID for eHerkenning with a URL when it should be a URN (happened when parsing metadata).
* [open-formulieren/open-forms3950] Improved the eHerkenning service catalogue to be compatible with Signicat.
* [open-formulieren/open-forms3950] Make eIDAS and eHerkenning LoA configuration independent of each other.
* [open-formulieren/open-forms3969] Remove support for overriding the LoA in the Authentication Request for eHerkenning and eIDAS.

===================

Maintenance release

Note that older versions of django-digid-eherkenning have an upper bound of
``maykin-python3-saml==1.16.0.post1`` due to the implicit PyOpenSSL dependency. If you
upgrade maykin-python3-saml, you also need to update to
``django-digid-eherkenning>=0.12.0``.

* Dropped the (implicit) dependency on PyOpenSSL. Now the cryptography package is used
directly.
* Made the cryptography dependency explicit.

===================

Maintenance and bugfix release

There are no expected breaking/backwards changes, but we did publish a new version of
maykin-python3-saml which has changed build/project tooling. We recommend properly
testing this flow on test/staging environments.

* Fixed the documentation build
* Updated deprecated CI actions
* Addressed build failures with lmxl 5+
* Replaced deprecated defusedxml.lxml module usage
* Removed explicit defusedxml dependency
* Fixed the handling of metadata incorrectly assumed to be string rather than bytes
* Pin lxml 4.7.1 lower bound
* Pin maykin-python3-saml lower bound (which removes the defusedxml dependency)

===================

Introduced a small behaviour change

Before, when returning from the DigiD/eHerkenning login flow and consuming the SAML
artifact (in the assertion consumer service), we checked whether the IP address of the
client was still the same IP address that initiated the authentication context. From
error monitoring, it was clear this leads to false positives, so the fatal error has now
been relaxed to a warning.

==================

Quality of life update

* [45] Added automatic metadata retrieval

* You can now configure a metadata source URL, which will download and process the
metadata automatically.
* Added a management command ``update_stored_metadata`` to refetch the metadata and
process any updates.

* Added BSN validation to mock login form.

==================

Nothing functional. Changed the verbose names of

* eHerkenning service *instance* UUID
* eIDAS service *instance* UUID