Decouple SAML authentication from the default Omniauth logic

Replaces !2782 (merged) since that one was not backwards compatible.

With this merge request SAML gets its own login logic and it's own User class under lib/gitlab/saml/ This is needed to give SAML more versatility over how the authorization process works and to pave the way for the development of a SAML group sync as outlined here: gitlab-org/gitlab-ee#118

cc @rymai @rspeicher