Provide SAML metadata facility for CAS

Code changes per above have been committed and profile specification updated accordingly. See https://wiki.shibboleth.net/confluence/display/SC/CASMetadataProfile.

Per discussion on IDP-644, plan to rework a couple points:

1. Use spec-defined URN for SLO location, urn:mace:shibboleth:profile:CAS:logout, to indicate that the logout message is delivered to the same URI that requested a ticket.

2. Use SPSSODescriptor with ACS endpoint to indicate proxy support.

Proposed metadata profile that is consistent with latest code:

https://wiki.shibboleth.net/confluence/display/IDP30/CASMetadataProfile

Added a further commit, b90991490881714028d9b1a5b81fee976712df35, to avoid repurposing SAML binding URI for CAS endpoints per suggestion from . Use the following binding URIs:

1. https://www.apereo.org/cas/protocol/login for ACS endpoint

2. https://www.apereo.org/cas/protocol/logout for SLO endpoint

I have completed the implementation for this feature in the following commits:

cbfbd4c24e26d55d3de73f76a5d3916292096062
2bc5501ca5f42d234044943182fade8d73dba00d

A sample metadata file with CAS entities:

http://git.shibboleth.net/view/?p=java-identity-provider.git;a=blob_plain;f=idp-cas-impl/src/test/resources/metadata/cas-test-metadata.xml;hb=HEAD

It remains to configure metadata indexes needed to support the feature; I'm unsure exactly how to do that mostly because I don't understand the performance/resource impact from the additional indexing. Ideally we would index only CAS entities and endpoints to minimize the size of the index, but I don't know to do that. Assuming that's possible I would think it would be safe to enable as part of the default configuration. Suggestions welcome and appreciated.