Vertically align SiteLogo with form

See merge request !5

Fix documentation and add missing logo if configured

See merge request !4

Temporary workaround if we do not want to maintain a whitelist.

And move the CORS handler only on the homepage endpoint.

This allows eventual future usage of 307 redirects and us accepting
POST requests without having to decode the request body.

The sso service endpoint should send the proper CORS headers and
respond to OPTIONS (for CORS prefetches) so that XmlHttpRequests on
authenticated sites can (partially) work.

Compute the origin properly.

Let the user pick 2FA method

See merge request !2

Add links 'use a numeric / hardware token instead' to the 2FA login
pages, using the list of available 2FA mechanisms found in the
auth Response.

First step towards letting users pick the method they prefer.

This caused the SSO server to generate bad form links, which caused a
302, preventing POST requests to succeed.

Add some template customization options in the config

See merge request !1

Support serving site-specific logo, favicon, and setting a site title.

Upgrade it to 4.1.3, including dependencies.

Just serve an error on the logout page if there is no valid session,
instead of redirecting to the login workflow.

Fixes issue #8.

Fixes issue #6.

And standardize on a single structure for the gorilla session
map, using the 'data' key for our gob-encoded objects.

Using the new configuration variable 'keystore_enable_groups'.