Support different signing keys for different roles
LassoProvider currently only support two keys for all its role: a signing one and an encrypting one. But the metadata format allows a pair of key by supported role. There should be a way to acces those keys. Maybe through adding real support for elements of the SAMLv2 metadata namespace.