OAI / sig-security

Apache License 2.0

Support for GNAP #9

Open jricher opened 2 years ago

jricher commented 2 years ago

Support for the GNAP draft specification would require the specification of the algorithms, key types, and required covered content for a signature. The following examples show what a possible syntax could look like for the new OAS security model proposed in OAI/OpenAPI-Specification#2582.

GNAP's access arrays are similar to RAR (#7) and the proofing section would need to reference other technologies like HTTP Signatures (#8).

This example shows how it could be defined for an example API using HTTP signature bound requests (and tokens) and a

components:
  securitySchemes:
    photoApi:
      type: gnap
      credentials:
      - in: header
        name: authorization
        # matches an "Authorization: GNAP <token>" header, case-insensitively
        format: '^[Gg][Nn][Aa][Pp] (.*)$'
      config:
        interact:
          start:
          - redirect
          - user_code
          finish: redirect
        access:
        - type: photo-api
          actions:
          - read
          - write
          - dolphin
          locations:
          - <api endpoint url>
          datatypes:
          - image
          - metadata
        - type: bank-api
          actions:
          - read
          locations:
          - <api endpoint url>
          identifier: <account id>
          datatypes:
          - account
        proof:
          method: httpsig
          alg: rsa-pss-sha512
          keyid: <your key id here>
          coveredComponents:
          - "@method"   # derived components start with "@" and must be quoted in YAML
          - content-digest
          - content-type
          - target-uri
          requiredParameters:
          - nonce
          - created

As I'm not sure how to show placeholder values, I'm using things like <your key id> here.

This proposed syntax is just one possible idea, and I'm looking for feedback on how this could be made to fit the OAS model better.

Addresses #6
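A resource-server-side check derived from the proposed scheme above, as an added example that is not part of this issue or of the sig-security repository: it mirrors the `photoApi` scheme as a constructed Python dict, matches the Authorization header against `credentials.format`, and verifies that a request's Signature-Input header covers every `coveredComponents` entry, carries every `requiredParameters` entry and uses the declared `alg`. It assumes the single-signature Signature-Input syntax of HTTP Message Signatures (RFC 9421) and lower-cased header names.

```python
import re

# Constructed Python mirror of the proposed `photoApi` scheme above (only the
# fields this check needs); values are the issue's, not from any real API.
PHOTO_API_SCHEME = {
    "credentials": [{"in": "header", "name": "authorization",
                     "format": r"^[Gg][Nn][Aa][Pp] (.*)$"}],
    "config": {"proof": {
        "method": "httpsig", "alg": "rsa-pss-sha512",
        "coveredComponents": ["@method", "content-digest", "content-type", "target-uri"],
        "requiredParameters": ["nonce", "created"]}},
}

# Matches one Signature-Input member (RFC 9421 dictionary syntax), e.g.
# sig1=("@method" "content-digest");created=1618884473;nonce="n1";alg="rsa-pss-sha512"
_SIG_INPUT = re.compile(r'^\s*(?P<label>[\w.*-]+)=\((?P<items>[^)]*)\)(?P<params>.*)$')


def parse_signature_input(value):
    # Returns (label, covered component names, {parameter: value}).
    m = _SIG_INPUT.match(value)
    if not m:
        raise ValueError("malformed Signature-Input")
    covered = re.findall(r'"([^"]+)"', m.group("items"))
    params = {}
    for part in filter(None, (p.strip() for p in m.group("params").split(";"))):
        key, _, val = part.partition("=")
        params[key.strip()] = val.strip().strip('"')
    return m.group("label"), covered, params


def check_request(scheme, headers):
    """Return the policy violations (an empty list means the request satisfies the scheme)."""
    problems = []
    creds = scheme["credentials"][0]
    if not re.match(creds["format"], headers.get(creds["name"], "")):
        problems.append("authorization header is not a GNAP token")
    proof = scheme["config"]["proof"]
    try:
        _, covered, params = parse_signature_input(headers.get("signature-input", ""))
    except ValueError as exc:
        return problems + [str(exc)]
    # The proposal writes `target-uri` without the `@` that RFC 9421 puts on derived
    # components, so names are compared with any leading `@` stripped (assumption).
    have = {c.lstrip("@") for c in covered}
    problems += [f"signature does not cover {c}" for c in proof["coveredComponents"]
                 if c.lstrip("@") not in have]
    problems += [f"missing signature parameter {p}" for p in proof["requiredParameters"]
                 if p not in params]
    if params.get("alg") != proof["alg"]:
        problems.append(f"alg {params.get('alg')!r} is not {proof['alg']}")
    return problems
```

The check is a policy pre-filter only; the signature itself still has to be cryptographically verified against the key named by `keyid`.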