Strict filter to define if token A is allowed or not in incoming requests

[lilgallon]

I would rather use a dedicated parameter to tell if we are in the list of endpoints allowed in the handshake or not, to allow tokenA only there. I find this detection mechanism error prone, and as this is a security feature I think it's worth to make it more strict

Originally posted by @xhanin in #16 (comment)

---

I marked the issue with ocpi 2.1.1 and 2.1.1 gireve, but before applying this issue, they have to include #15