Don't delete SP info from session after redirect

[monfresh]

Why: I don't think there's a valid reason to do that. Digging
into the git history, it looks like the deletion of the SP info from
the session was introduced in the same PR that implemented the branded
experience. I believe the reasoning was that unless the branded
experience was deleted, returning to the IdP after signing out from the
SP would keep the branded experience around, which is not the case since
the entire session is deleted upon logout.

Deleting the SP info from the session is resulting in an exception in
the following scenario:

• A user launches a mobile app that integrates with login.gov
• The user completes the account creation process on their mobile device
• Once they arrive on the completions page and click "Continue",
  they are prompted to launch the mobile app. Whether the user chooses to
  launch the app or click Cancel, the IdP web page stays where it is.
• If the user comes back to the IdP page at a later time and tries to
  hit the Continue button again, they will get an error because
  CompletionsController#update depends on sp_session[:request_url]
  being present.

How:

• Don't delete the SP info from the session
• To allow the user to visit the IdP after being redirected back to
  the SP, update SessionsController#check_user_needs_redirect to
  redirect to signed_in_path instead of
  after_sign_in_path_for(current_user) because the latter will redirect
  back to sp_session[:request_url] now that we are no longer deleting
  sp_session.

[zachmargolis]

should we make these positive expectations?

expect(page.get_rack_session.keys).to include('sp')

[monfresh]

Good idea. Fixed. PTAL

[zachmargolis]

same, should we make sure this keeps the sp in the session?

expect(session.key?(:sp)).to eq(true)

[zachmargolis]

LGTM!