Don't add AllowCreate for default transient name ids

http://docs.oasis-open.org/security/saml/v2.0/errata05/os/saml-v2.0-errata05-os.html#__RefHeading__8058_1983180497:

"The use of the AllowCreate attribute MUST NOT be used and SHOULD be
ignored in conjunction with requests for or assertions issued with name
identifiers with a Format of
urn:oasis:names:tc:SAML:2.0:nameid-format:transient (they preclude any
such state in and of themselves)."

Author: fredrikt

src/saml2/client_base.py

@@ -339,6 +339,10 @@ def create_authn_request(self, destination, vorg="", scoping=None,
                     # If no nameid_format has been set in the configuration
                     # or passed in then transient is the default.
                     if nameid_format is None:
+                        # SAML 2.0 errata says AllowCreate MUST NOT be used for
+                        # transient ids - to make a conservative change this is
+                        # only applied for the default cause
+                        allow_create = None
                         nameid_format = NAMEID_FORMAT_TRANSIENT
 
                     # If a list has been configured or passed in choose the