
Geo: Fix redirect to secondary after SAML sign in

Michael Kozono requested to merge mk/geo-fix-saml-redirect-after-sign-in into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Geo: Fix redirect to secondary after SAML sign in

Due to changes to the authentication flow for single sign-on via secondary Geo sites, users who sign in via Geo secondaries with SAML are landing on the primary site. This is very confusing and may break some workflows.

This commit causes the primary site to remember which site the user attempted to sign in through. And then after successful sign in, the user is redirected to that site.

This implementation gets around the fact that a typical SAML configuration will have a single ACS (Assertion Consumer Service) URL defined in the SAML Identity Provider configuration, as well as in the primary Geo site's gitlab.rb (Omnibus GitLab) or values.yaml (GitLab Helm Chart). This is possible because the secondary site only acts as a proxy in the authentication workflow, and the primary knows that the secondary site's URL is safe to redirect to after sign in. It should work without action by sysadmins, whereas specifying a particular ACS configuration would require action, and might not even be possible, depending on the Identity Provider.

Fixes #372490 (closed)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Michael Kozono
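
The description relies on the primary knowing that the secondary site's URL is safe to redirect to after sign in. The following added example, which is not part of this merge request or of GitLab's code, sketches one way to enforce that: compare the remembered URL's origin against the registered site URLs and fall back to the primary otherwise. The helper names, constants and URLs are hypothetical.

```ruby
require 'uri'

# Constructed sample data: URLs of the registered Geo sites (hypothetical).
REGISTERED_SITE_URLS = [
  'https://gitlab-primary.example.com',
  'https://gitlab-secondary.example.com:8443/'
].freeze

# Reduce a URL to [scheme, host, port]. Returns nil for anything that is not
# an absolute http(s) URL with a host, or that carries userinfo
# ("https://trusted@other.example/" style confusion).
def origin_of(url)
  uri = URI.parse(url.to_s.strip)
  return nil unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
  return nil if uri.userinfo

  [uri.scheme.downcase, uri.host.downcase, uri.port]
rescue URI::InvalidURIError
  nil
end

ALLOWED_ORIGINS = REGISTERED_SITE_URLS.map { |u| origin_of(u) }.compact.freeze

# Hypothetical helper: where to send the user once the primary has processed
# the SAML response at its single ACS URL. The remembered URL is honoured only
# if its full origin (scheme, host and port) matches a registered site.
def post_sign_in_redirect(remembered_url, fallback: 'https://gitlab-primary.example.com/')
  origin = origin_of(remembered_url)
  return fallback if origin.nil?
  return fallback unless ALLOWED_ORIGINS.include?(origin)

  remembered_url.to_s.strip
end
```

Comparing the parsed origin rather than a string prefix is what rejects look-alike hosts such as `gitlab-secondary.example.com.other.example`.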
