ok: Document cookie and additional headers for introspection (#227)

Related to ory/oathkeeper#301 and ory/oathkeeper#302

docs/oathkeeper/pipeline/authn.md

@@ -440,14 +440,19 @@ was granted the requested scope.
     2.0 Client Credentials Grant will be performed.
 - `token_from` (object, optional) - The location of the bearer token. If not
   configured, the token will be received from a default location -
-  'Authorization' header. One and only one location (header or query) must be
+  'Authorization' header. One and only one location (header, query, or cookie) must be
   specified.
   - `header` (string, required, one of) - The header (case insensitive) that
     must contain a Bearer token for request authentication. It can't be set
-    along with query_parameter.
+    along with `query_parameter` or `cookie`.
   - `query_parameter` (string, required, one of) - The query parameter (case
     sensitive) that must contain a Bearer token for request authentication. It
-    can't be set along with header.
+    can't be set along with `header` or `cookie`.
+  - `cookie` (string, required, one of) - The cookie (case sensitive)
+    that must contain a Bearer token for request authentication. It
+    can't be set along with `header` or `query_parameter`
+- `introspection_request_headers` (object, optional) - Additional headers
+  to add to the introspection request
 
 ```yaml
 # Global configuration file oathkeeper.yml
@@ -473,6 +478,10 @@ authenticators:
         header: Custom-Authorization-Header
         # or
         # query_parameter: auth-token
+        # or
+        # cookie: auth-token
+      introspection_request_headers:
+        x-forwarded-proto: https
 ```
 
 ```yaml
@@ -499,6 +508,11 @@ authenticators:
         query_parameter: auth-token
         # or
         # header: Custom-Authorization-Header
+        # or
+        # cookie: auth-token
+      introspection_request_headers:
+        x-forwarded-proto: https
+        x-foo: bar
 ```
 
 ### Access Rule Example