Fetch attribute from SecurityTokenReference instead of from sitekey

[veewee]

Fixes #61

Thanks for this awesome package!

Instead of trying to grab the wsu id from a PHP XMLSecurityKey, it fetches the id of the last detected BinarySecurityToken.
Moved the logic around so that it only gets executed if a BinarySecurityToken is available.

Note
Since this fallback functionality is currently not working (and hasn't been for a couple of years), I took the liberty of putting it behind an options flag as well.
The KeyInfo will only be created if you specifically ask for it. Thit allows for a more flexible way to apply key identifiers (similar to what you already have during signature)

I've noticed in a few other tickets, you are looking for a better way to apply various key info types.
In a small wrapper I am working on, I moved it outside of the main logic as well so that you have a more flexible choice of which KeyIdentifier:

php-soap/psr18-wsse-middleware#5

This gives the flexibility

$wsseMiddleware = new WsseMiddleware(
    outgoing: [
        new Entry\Timestamp(60),
        new Entry\BinarySecurityToken($pubKey),
        (new Entry\Signature(
            $privKey,
            new KeyIdentifier\BinarySecurityTokenIdentifier()
        )),
        (new Entry\Encryption(
            $signKey,
            new KeyIdentifier\X509SubjectKeyIdentifier($signKey)
        ))
    ],
    incoming: [
        new Entry\Decryption($privKey)
    ]
)

[veewee]

Hi @robrichards ,

I suspect you are very busy with other stuff.
Is there anything I can be in of assistence of in order to make some progress here?

Thanks!