Fix apikey authorization

[LeoTayot]

I needed to use an Authorization of type apiKey in header.
But the code that handled that was unreachable due to some conditions to build bearer auth in priority.

According to OAS3 (https://swagger.io/docs/specification/authentication/bearer-authentication/) :
basicAuth should use associations : type: http and scheme: basic.
bearerAuth should use associations : type: http, the scheme: bearerand if needed bearerFormat: JWT.
ApiKeyAuth should use associations : type: apiKey, in: header and name: X-API-KEY.
cookieAuth should use associations : type: apiKey, in: cookie and name: JSESSIONID.

I adapted the code so we could use all those authentication and fixed the comment standing there :
// how to determine when it should be JWT?.

I completed the documentation page and added a test.

Bearer auth

#[openapi(
  http,
  scheme = "bearer",
  bearer_format = "JWT",
  description = "Use JWT Bearer token for authentication"
)]

apiKey auth

#[openapi(
    apiKey,
    in = "header",
    name = "x-w2c-token",
    description = "Auth token for user authentication"
)]

[tiagolobocastro]

Hi, thanks for working on this. Please be mindful that the current support is for openapi2/swagger. The openapi3 support that we have atm is simply a conversion from 2.

Therefore the only supported types are:
"Valid values are "basic", "apiKey" or "oauth2"."
And that is why we had the comment // how to determine when it should be JWT?.

Currently we'd use jwt as an apiKey, example:

#[derive(Apiv2Security, Deserialize)]
#[openapi(
    apiKey,
    alias = "JWT",
    in = "header",
    name = "Authorization",
    description = "Use format 'Bearer TOKEN'"
)]
pub struct BearerToken;

So, I think we can adapt your changes by adding your purposed changes by adding another field to the openapi2 SecuritySchema that is not serializable (as we don't want it to be present if we're generating openapi2 spec), but that allows us to convert to openapi3. And maybe for those types of things we'd have an #[openapi3( ?