Follow-up from "SAML SSO support session timeout"

The following discussion from !194914 (merged) should be addressed:

• @atevans started a discussion:

  suggestion (non-blocking): We should break these down into smaller methods.

            def sessions_time_remaining_for_expiry
              active_sessions = SsoState.active_saml_sessions
  
              if ::Feature.enabled?(:saml_timeout_supplied_by_idp_override, :instance)
                active_sessions.filter_map do |key, last_sign_in_at|
                  determine_time_remaining_with_session_not_on_or_after(
                    key, last_sign_in_at
                  )
                end
              else
                active_sessions.filter_map do |key, last_sign_in_at|
                  determine_time_remaining(
                    key, last_sign_in_at
                  )
                end
              end

The following discussion from !194914 (merged) should be addressed:

• @atevans started a discussion:

  suggestion (non-blocking) I think it would be easier to read if we didn't re-assign expires_at and rename provider_id in this block:

  expires_at = saml_expires_at.presence || last_sign_in_at + DEFAULT_SESSION_TIMEOUT

• @atevans started a discussion: (+1 comment)

  question (non-blocking): Long-term, should we consider moving this to a nested storage format similar to SsoState ? I think it reads more cleanly. I can see why we might not want to do that as part of this MR in order to get the feature working quickly, and I don't see any risk of name conflicts between providers and the session suffix.

  active_session_data[provider_id] = { provider: saml_profider, session_not_on_or_after: session_not_on_or_after }

!194914 (comment 2616509579) !194914 (comment 2616509594)