[OAS 3.1.0] All security schemes may now define required roles

[Azquelt]

Previously, in a Security Requirement Object, roles were only valid for oauth2 and openIdConnect (where they correspond to required scopes required for execution) but now roles can be specified for all security schemes.

We should:

• Update our documentation to reflect the removal of this limitation:
  • SecurityRequirement annotation Javadoc
  • SecurityRequirement model interface Javadoc
• Add a test which builds a model with roles where they were not previously allowed
• Add a test which uses annotations to declare a security requirement with roles for a previously unsupported type

[benjamin-confino]

Please assign this one to me.