[SAML] Proxy restriction should include all known IDP, and not only target IDP
In AuthSAML, we can allow or not that authn statements were proxified. For now, we just test this was not proxified, but we should allow proxy for all known IDP (in our circle of trust), and just refuse them from unknown IDP.