Bug in xmltooling getting patched
Cantor, Scott
cantor.2 at osu.edu
Tue Jun 6 21:43:45 BST 2023
A security report of a remote URL dereferencing issue caused by Santuario came in and I'm going to fix it by just injecting some code into the xmltooling library and will be releasing a patch for that (3.2.4), probably next week.
If you wanted to get a CVE for this, I'll include that in the advisory.
The SP probably will get its own bump but for non-security reasons, just because I have to do it anyway.
The commit is already made to the xmltooling repo, FWIW.
-- Scott
More information about the Pkg-shibboleth-devel mailing list