This is an update of #273, nearly identical except updated to work with #908 as indicated in the original.
implement an HTTP header AuthenticationProvider
add site documentation for HTTP header authentication
remove external account type in lieu of specific type
This was unused and causing provider lookup to fail in
AuthenticationManager.findProvider() by changing it out
from underneath. As a result, the supportXChanges methods
weren't being reported correctly.
✨ Nice & clean. Great job.
I granted you contributor access for easier branch-based PRs rather than from forks. Thanks for all your contributions.