Add ADFS SSO support

[gorkem-bwl]

Requirements:

• SAML 2.0 protocol
• On-premises Active Directory Federation Services
• XML-based assertions and metadata

TODO:

1. New library: Add passport-saml or @node-saml/passport-saml
2. SP Metadata endpoint: Expose /api/saml/metadata returning:

• SP Entity ID
• ACS URL (e.g., https://verifywise.example.com/api/saml/callback)
• Signing certificate (optional)

3. SAML callback handler: Process SAML assertions at ACS URL
4. Extended SSO config: Store SAML-specific settings:

• IdP Entity ID
• IdP SSO URL
• IdP Signing Certificate
• Attribute mappings (email, name, user ID)

5. Update SSOProvider type: Add "ADFS" or "SAML" to the union type