Current Pain Points
Several UX gaps make SSO setup difficult for self-hosted administrators:
1. No callback URL shown after registration
After registering an SSO provider, the admin is not shown the ACS/callback URL that must be configured on the IdP side:
{BASE_URL}/api/auth/sso/saml2/callback/{providerId}
Admins have to read the source code to figure this out. The registration success should display:
- ACS URL
- Entity ID (the app's base URL)
- SP metadata XML (already generated in code but not exposed)
2. No way to view or delete SSO providers
Once registered, there's no UI to:
- View existing SSO providers and their configuration
- Delete/re-register a provider (currently requires raw SQL against the database)
- See the organization slug that users need for login
3. WantAuthnRequestsSigned metadata conflict
The ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG error from samlify is confusing. Many IdPs (Keycloak, Entra ID) include WantAuthnRequestsSigned="true" in their default metadata, but the SP isn't configured with a signing key. The registration should either:
- Warn about this flag and suggest the fix (set it to false on the IdP or edit the XML)
- Strip/override the flag since SP request signing isn't supported
- Add SP signing key support
4. SSO login requires organization slug
Users must know their organization slug to log in via SSO. While necessary for multi-tenant deployments, the label "Organization Slug" is confusing. Consider:
- Renaming to "Organization ID" with better help text
- Auto-detecting when only one SSO provider exists (skip the field entirely)
- Pre-filling via env var for single-org self-hosted deployments (e.g., SSO_DEFAULT_ORG_SLUG)