Treat security scheme as case insensitive in JSON schema [Issue #2703]

[hornworm61]

Addresses #2703

This change updates the JSON Schemas for both 3.0 and 3.1 to allow for the security scheme to be case insensitive when checking for whether the bearerFormat propery is allowed.

[jdesrosiers]

@hornworm61 I'm doing final checks before releasing the new version of the schema and I noticed that you removed required: [scheme] from the http type. This doesn't look correct. Did you remove this on purpose?

[webron]

@jdesrosiers doesn't https://github.com/hornworm61/OpenAPI-Specification/blob/638d7eb06b65f1171e1f5dc196b0f1ef78b80c49/schemas/v3.1/schema.yaml#L770-L772 cover it?

[jdesrosiers]

@webron No, that required is in the if schema. It's only used to determine whether or not to apply the then schema.

[hornworm61]

I think the type-http-bearer subschema originally said: "If the object has a property 'type' of 'http' and a 'scheme' of 'bearer' then it is allowed to have a property of bearerFormat and must have a property 'scheme'

But if the object passes the if part of this, then it definitely has a property 'scheme', so the "required" portion of the then branch is redundant because it can never fail.

Also, the type-http subschema already says that if the object has a property 'type' of 'http' then it must have a property of 'scheme' (and type-http and type-http-bearer are used in an "all-of" construct).

[jdesrosiers]

the type-http subschema already says that if the object has a property 'type' of 'http' then it must have a property of 'scheme'

Ahh, yes, you're right. That's what I was missing.