zalando/restful-api-guidelines

Allow x-consumer-* headers for internal audience

Closed this issue · 0 comments

Following the discussion on API Guild JF - 2020-07-14, we want to allow x-consumer headers to be specified in OpenAPI specification.

related to #554

The X-Consumer headers to whitelist are:

  • X-Consumer: contains a base64 JSON payload identifying the zDirect API or UI consumer (user or OAuth2 client)
  • X-Consumer-Signature: contains signature to verify the X-Consumer payload
  • X-Consumer-Key-ID: contains the key identifier to retrieve the public key to verify the X-Consumer-Signature
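As an added example (not part of this issue, Zally, or the guidelines code), the following shows how a receiving service would consume these three headers: look up the public key by X-Consumer-Key-ID, verify X-Consumer-Signature over the X-Consumer value, and only then decode the base64 JSON and trust its contents. The JSON fields of the payload, the choice of Ed25519 over the base64 text, the in-memory key store, and the key ID value are all assumptions; the issue specifies none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

// Consumer is an assumed shape for the X-Consumer JSON payload; the real
// zDirect schema is not given in the issue, so these fields are constructed.
type Consumer struct {
	Type     string `json:"type"`     // assumed: "user" or "client"
	ID       string `json:"id"`       // assumed: user id or OAuth2 client id
	Audience string `json:"audience"` // assumed: "internal"
}

// KeyStore maps X-Consumer-Key-ID values to public keys. A real service would
// fetch keys from a key service; an in-memory map is an assumption here.
type KeyStore map[string]ed25519.PublicKey

var (
	ErrMissingHeader = errors.New("missing X-Consumer header")
	ErrUnknownKey    = errors.New("unknown X-Consumer-Key-ID")
	ErrBadSignature  = errors.New("X-Consumer-Signature does not verify")
)

// VerifyConsumer returns the decoded consumer only if X-Consumer-Signature
// verifies over the raw X-Consumer value under the key named by
// X-Consumer-Key-ID. Ed25519 over the base64 text is an assumed algorithm.
func VerifyConsumer(h http.Header, keys KeyStore) (*Consumer, error) {
	payload := h.Get("X-Consumer")
	sigB64 := h.Get("X-Consumer-Signature")
	keyID := h.Get("X-Consumer-Key-ID")
	if payload == "" || sigB64 == "" || keyID == "" {
		return nil, ErrMissingHeader
	}
	pub, ok := keys[keyID]
	if !ok {
		return nil, ErrUnknownKey
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return nil, ErrBadSignature
	}
	// Verify before decoding: the payload is untrusted until it authenticates.
	if !ed25519.Verify(pub, []byte(payload), sig) {
		return nil, ErrBadSignature
	}
	raw, err := base64.StdEncoding.DecodeString(payload)
	if err != nil {
		return nil, fmt.Errorf("X-Consumer is not base64: %w", err)
	}
	var c Consumer
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("X-Consumer is not JSON: %w", err)
	}
	return &c, nil
}

// SignConsumer builds the three headers as the issuing side would, so that
// the example can round-trip without any external component.
func SignConsumer(c Consumer, keyID string, priv ed25519.PrivateKey) (http.Header, error) {
	raw, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	payload := base64.StdEncoding.EncodeToString(raw)
	sig := ed25519.Sign(priv, []byte(payload))
	h := http.Header{}
	h.Set("X-Consumer", payload)
	h.Set("X-Consumer-Signature", base64.StdEncoding.EncodeToString(sig))
	h.Set("X-Consumer-Key-ID", keyID)
	return h, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed key pair
	keys := KeyStore{"key-2020-07": pub}             // constructed key id
	h, _ := SignConsumer(Consumer{Type: "client", ID: "zdirect-ui", Audience: "internal"}, "key-2020-07", priv)
	c, err := VerifyConsumer(h, keys)
	fmt.Println(c, err)
	// Replacing the payload without re-signing must be rejected.
	h.Set("X-Consumer", base64.StdEncoding.EncodeToString([]byte(`{"type":"user","id":"someone-else"}`)))
	_, err = VerifyConsumer(h, keys)
	fmt.Println(err)
}
```

The order matters: the signature is checked over the exact header text before any base64 or JSON parsing, so a tampered or unsigned X-Consumer never reaches the decoder, and an unknown key ID is rejected without attempting verification at all.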

Acceptance Criteria

  • Zally MUST allow the mentioned headers to be specified in OpenAPI specification
  • The headers and their description SHOULD be added to the guidelines