Add support for specifying multiple security requirement keys

[abs0luty]

Hi! The first contribution to this repo, so I may have missed some things.

I use utoipa in my project and I faced a problem of not being able to use multiple security requirement keys.

As described in Swagger docs: Some REST APIs support several authentication types. The security section lets you combine the security requirements using logical OR and AND to achieve the desired result.

I made an issue. Then, I resolved it myself. Now you can use multiple security requirements separated by a comma in #[utoipa::path]. Example:

#[utoipa::path(
      delete,
      path = "/todo/{id}",
      responses(
          (status = 200, description = "Todo marked done successfully"),
          (status = 401, description = "Unauthorized to delete Todo", body = TodoError, example = json!(TodoError::Unauthorized(String::from("missing api key")))),
          (status = 404, description = "Todo not found", body = TodoError, example = json!(TodoError::NotFound(String::from("id = 1"))))
      ),
      params(
          ("id" = i32, Path, description = "Todo database id")
      ),
      security(
          // literally means (api_key and api_key2) or api_key3
          ("api_key" = [], "api_key2" = []),
          ("api_key3" = []),
      )
  )]

Also, now you can construct those with add() method:

SecurityRequirement::default()
  .add("api_key", ["test"])
  .add("api_key2", ["test"])

I didn't change the names of already existing methods and types. Additionally, as you can see new security(...) syntax is compatible with the old one. So it isn't really a breaking change.

Resolves #803. Resolves #717

[juhaku]

Very nice 👍 Just some minor things to check out and it is done.

[abs0luty]

@juhaku fixed it.

[juhaku]

Great 👍

[juhaku]

Future support for duplicate name keys in security: attribute of the OpenApi #992