…entifier along with the polls

Bumps [twig/twig](https://github.com/twigphp/Twig) from 3.10.3 to 3.11.1.
- [Changelog](https://github.com/twigphp/Twig/blob/v3.11.1/CHANGELOG)
- [Commits](twigphp/Twig@v3.10.3...v3.11.1)

---
updated-dependencies:
- dependency-name: twig/twig
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.20.0.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.19.2...4.20.0)

---
updated-dependencies:
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

The Assert statements would yield unusable error messages without a path
to know what to go and fix. This change at least tells us what config
item is not right. And what is expected.

Some additional bootstrapping was required to allow for this (in
services.yaml).

This error status was previously not supported. It is now. The uncaught
errors are caught, and the invalid-request is sent back to the JS app.

That in turn displays the user facing error page.

At first I opted to handle the 'invalid-request' manually. But having a
default switch-case to handle all unhandled stati as an error makes more
sense.

And before this commit, the invalid request was handled as a Push
Notification failure. But that was not my intention. I wanted to render
the error page, and for that, we need to call the switchToStatusRequestError
method instead.

Prior to this change none of the code in the dev folder was being scanned by PHPStan, resulting in a lot of errors which do not comply with our coding standards.

This change is needed to improve code quality for our dev code. All existing errors are added to the baseline.

Prior to this change the type was said to be a string, but we couldn't be sure.
This change solves the issue by typing the result as mixed, then validating whether it was a string.

With the introduction of PHPStan scanning the dev folder a lot of errors were added to the baseline.

I've taken a short time to look at the newly introduced errors and fixed some of them.

That is added to isolate the timeout 'business' rules are implemented
correctly. And make them testable.

The Jest test was not yet covering the possibility of a registration
timeout

Prior to this change there we weren't able to keep track of sessions that got lost.

This change allows us to see every time a session is created and distinguish them by their correlation id.

… none

Prior to this change all routes were able to called, even though the user might not have had an active session

This change will start logging errors when the session wasn't found, or is in an unexpected state

Prior to this change session information got lost. We had no way of tracking down what happened to user sessions in the logs.

This change logs whether a session existed and if it's in a valid state. Log information is enriched with a correlation id to be able to distinguish them.

That way we always follow the configured session name set in the
framework.yaml

That way we do not hard code a security measure in the code base. And
allow for manual setting of that SALT