fix multiple WWW-Authenticate header to one

[mouxhun]

WWW-Authenticate header should only have one

What issue does this PR address?
every WWW-Authenticate header should atleast have one auth schema, because we only used bearer token authentication, we should only have one WWW-Authenticate header.Currently it returns two likes below

WWW-Authenticate: Bearer
WWW-Authenticate: error="invalid_token"

test on https://demo.identityserver.io/connect/userinfo

Does this PR introduce a breaking change?
No

Please check if the PR fulfills these requirements

• The commit follows our guidelines
• Unit Tests for the changes have been added (for bug fixes / features)

Other information:

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

[mouxhun]

reference https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47

The field value consists of at least one challenge that indicates the authentication scheme(s) and parameters applicable to the Request-URI

the second one don't have schema

[github-actions]

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.