Assume that a 'portal-*cookie' will allow us to bypass gateway SAML
For many GlobalProtect VPNs with SAML, the 'portal-userauthcookie' appears
to be *the* mechanism by which gateway authentication can be bypassed once
portal authentication is complete.
Unfortunately, there are exceptions which will require a more complex
resolution involving a re-entrant SAML flow
(https://gitlab.com/openconnect/openconnect/-/issues/147#note_587163143),
but this patch will at least not make them worse.
This can work in many cases…
- When the user's password is only usable one time (already working as of
008aefd7),
- When the portal requires SAML but the gateway doesn't (already working in
008aefd7),
- When the gateway requires SAML even though the portal doesn't (fixed here)
Additionally, this patch adds tests (tests/{fake-gp-server.py,gp-auth-and-config}) of
OpenConnect's ability to complete the following SAML flows:
- (SAML to portal after acquiring prelogin-cookie externally) → (complete gateway login
using portal-userauthcookie)
- (SAML to gateway after acquiring prelogin-cookie externally)
Signed-off-by: Daniel Lenski <dlenski@gmail.com>