Authorized minimal APIs should be easily callable from Postman

[DamianEdwards]

@glennc had been looking at what it takes to setup up an authorized minimal API and call it via Postman. This issue is to track that experience and any subsequent work we think is required to land it at an acceptable UX.

[captainsafia]

Closing this. I think the work we've done with the user-jwts tool and the auth-options-from-config approach gets us a bulk of the way here.

We have other items tracking integrating authentication with OpenAPI which will provide value to users wanting to authentication from Swagger UI.