[mdx] EntityAttributes support

[Scott Cantor]

I just checked in the change to implement the extraction of metadata
attributes/assertions in the SP per the draft, in place of the limited
support I had in 2.1.

In particular, I just went for broke and implemented complete evaluation of
assertions inside the attribute extraction step, with a dedicated metadata
provider, and optionally a dedicated trust engine and attribute filter, so
you can separate all that logic from regular SP trust processing rules.

The only "hack" was that I had to decide how to represent the metadata of an
issuer of entity attribute assertions, so I picked an
AttributeAuthorityDescriptor as the closest fit. I could do an additional
metadata role extension for this if people don't like that idea. A
"MetadataAuthorityDescriptorType"? Seems like the AA role is good enough,
it's limited to attribute statements anyway.

Probably asking a lot, but this was a fair amount of new code and could
really use more testing.

-- Scott