[Satosa] Review exception at HTTP handler level to minimize information disclosure.

[Zicchio]

In the project, not enough care is dedicated in the exception management of the satosa HTTP handlers.
Sometimes we have good exceptions like this

eudi-wallet-it-python/pyeudiw/satosa/default/response_handler.py

Line 150 in 5b73246

self._handle_401(context, "invalid authentication method: token might be invalid or expired", e401)

and sometimes we have approximative error management like this one

eudi-wallet-it-python/pyeudiw/satosa/default/response_handler.py

Line 161 in 5b73246

return self._handle_400(context, e400.args[0], HTTPError(e400.args[0]))

The biggest risk is that we indvertitedly might induce information disclure by telling the user detailed exceptions or error messages . In particular, observe that:

• in the 500 handler, msg becomes part of the returned HTTP response

  eudi-wallet-it-python/pyeudiw/satosa/utils/base_http_error_handler.py

  Line 53 in 5b73246

  def _handle_500(self, context: Context, msg: str, err: Exception) -> JsonResponse:

• in the 40x handler, troubleshoot becomes part of the returned HTTP response message

  eudi-wallet-it-python/pyeudiw/satosa/utils/base_http_error_handler.py

  Line 77 in 5b73246

  def _handle_40X(self, code_number: str, message: str, context: Context, troubleshoot: str, err: Exception) -> JsonResponse:

  eudi-wallet-it-python/pyeudiw/satosa/utils/base_http_error_handler.py

  Line 105 in 5b73246

  def _handle_400(self, context: Context, troubleshoot: str, err: Exception = EmptyHTTPError("")) -> JsonResponse: