allow authentication to receive multiple and accept multiple passwords

[shaqq]

@bellycard/platform @darbyfrey @danielmackey

This is allows us to have a way to switch the HEADER_PASSWORD easily.

This also might be a breaking change if you use a HEADER_PASSWORD that has a comma in it. Let me know if that's the case.

Let me know how you feel about the possible_passwords being limited to 2 choices. I figured it'd be a bad idea to allow a large number of possible_passwords being passed.

[darbyfrey]

I guess what I was thinking with this was that we would just use different ENV vars for the "new way". So the old HEADER_PASSWORD / HEADER_PASSWORDS pattern would still be backwards compatible. The new way would use something more descriptive like ALLOWED_HEADER_PASSWORDS and SENT_HEADER_PASSWORDS, or something like that. Naming is open for discussion.

I also don't think the 2 password limit is necessary. It would have to be a very large list of passwords for it to really matter.

[shaqq]

i completely forgot about that. closing this PR and opening a new one.