Add two new substitutions to be used in SAML attribute values.
"displayname" is normally the users' Full Name in SSO.
"email" is the e-mail address.
These enable reporting richer SAML attributes to SPs who can then create nicer-looking
local identities.
Additionally, the existence of the e-mail attribute/substitution might allow
for full compliance with the SAML 8.3 "persistent" policy, though this would
require additional implementation work.
Merged from https://code.launchpad.net/~roadmr/canonical-identity-provider/saml-extra-attribute-substitutions/+merge/362265