Support for other Authorization header formats

[icb-]

I would like to be able to use this for Apple PassKit passes, which means checking the Authorization header for a ApplePass <token> instead of Bearer <token>. Can we relax the check for Bearer to allow any string, or a configurable one?

[BTBurke]

Sure, but I don't have time to implement this. If you know go, I'll accept a pull request. Basically how it should work is that it should build on the directive token_source header directive and be something like token_source header applepass.