Decouple SAML authentication from the default Omniauth logic

Fixes gitlab-org/gitlab-ee#178

With this merge request SAML gets its own login logic and its own `User` class under `lib/gitlab/saml/` This is needed to give SAML more versatility over how the authorization process works and to pave the way for the development of a SAML group sync as outlined here: gitlab-org/gitlab-ee#118

See merge request !2782