add security information

[fehguy]

need to handle the following auth syntaxes in the spec:

oauth2
api key (header, param)
basic auth

oauth 1.x is a can be a rathole and we should be careful about what variants we want to support.

This is different from hiding parameters, properties, models, etc based on credentials. That will be framework specific.

[fehguy]

see #72

[fehguy]

closing with no feedback