Better way for excluding IdPs reported in the metadata
Right now, we're using a string with comma-separated IdP entity IDs through the environment variable DISCO_HIDDEN_IDP_ENTITY
to exclude identity providers.
This is fine for a handful of values, but quickly becomes difficult to maintain.
We should look for alternative ways of storing this information, like a JSON file. Information that might be relevant for maintenance:
- Entity ID of the excluded IdP
- Reason for excluding the IdP (likely because it doesn't recognize our SP)
- Date on which we added this entry
Potentially, we could also utilize regular expressions rather than simple lists of entity IDs.