Add OpenSaml 4 support

[MichaelVetter]

Please upgrade to OpenSaml 4 libraries. Currently the latest version in the Shibboleth repository is 4.0.1.
OpenSaml 3 will reach EOL soon and depends on some library versions with security issues:
https://shibboleth.1660669.n2.nabble.com/Security-issue-on-Java-OpenSaml-Library-td7646686.html
Furthermore the dependencies of OpenSaml have been cleaned up:
https://issues.shibboleth.net/jira/browse/OSJ-264
Maybe you could exclude even more transitive dependencies that are not necessary for spring-security-saml.

[jzheaux]

Since we'll be supporting Spring Security 5.5 longer than OpenSAML 3 will be supported, it might be better to add support instead of upgrade.

[tadgh]

Would be nice to see get this upgraded to OpenSaml 4 in a minor version, if at all possible. CVE scanners are lighting up Santuario/Xmlsec as well as Cryptacular, which are dependencies of OpenSaml.

CVE-2020-7226
CVE-2019-12400