Token cookie can exceed 4kb

[BryceDFisher]

Per RFC2109, Cookies cannot exceed 4kb. I have recently run into a situation where the token cookie set in samlsp/cookie.go:83 can exceed the 4kb limit if used with a user that has a large number of the roles claim. Need to come up with an alternate method of transmitting the information to the service provider code during the redirect than storing it in the cookie.

[BryceDFisher]

Firefox explicitly does this check: https://dxr.mozilla.org/mozilla-central/source/netwerk/cookie/nsCookieService.cpp#3292

[crewjam]

I think that in the context of the SP refactoring in #230, this could be accomplished either outside of the library or ancillary to the library.

e.g. https://github.com/crewjam/saml/blob/d6b6a968fc5fa75650c75b16faadb1fd73588367/example/gzipcookie/gzipcookie.go

(Tests don't work yet as of this writing)

What do you think of that as a solution?

[crewjam]

Closing because #230 landed which should allow compression where and how you'd like. If you end up writing an implementation of one of these new interfaces, a PR would be most welcome. Thanks!