Draft: Add support for openfortivpn SAML authentication

This MR is marked as draft because it depends on an open MR in the fortissl NM plugin and an open MR in openfortivpn itself.

In SSO (SAML) mode, the authentication widget returns a dummy password when called before openfortivpn is run, and spawns the user's default browser when it is called again after openfortivpn is run. This relies on the fortisslvpn plugin requesting credentials again after starting openfortivpn and passing "sso" as an auth hint. To make this work, the password is declared as "always required", even though no password is actually needed; without this, NM gives up prematurely because it assumes that secrets need to be available.

In SSO (SAML) mode, the authentication dialog still exists in order to fit into the plasma-nm framework, but is closed automatically if the browser is launched successfully. It is kept open in case of errors in order to display a message.

The URL passed to the browser to start the authentication process defaults to the configured gateway, but may be overridden in the advanced configuration dialog.