Update documentation about API Authorizations

[lyzadanger]

This PR expands the API documentation section pertaining to clientCredentials and the X-Forwarded-User header.

It also denotes that you can use a forwarded user on the create-group endpoint:

Fixes hypothesis/product-backlog#768

[codecov]

Codecov Report

Merging #5316 into master will increase coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #5316      +/-   ##
==========================================
+ Coverage   95.96%   95.99%   +0.02%     
==========================================
  Files         467      467              
  Lines       25106    25389     +283     
  Branches     1375     1405      +30     
==========================================
+ Hits        24092    24371     +279     
- Misses        889      890       +1     
- Partials      125      128       +3

Impacted Files	Coverage Δ
h/presenters/annotation_searchindex.py	93.33% <0%> (-2.5%)	⬇️
tests/h/search/index_test.py	98.32% <0%> (-0.09%)	⬇️
tests/h/presenters/annotation_searchindex_test.py	100% <0%> (ø)	⬆️
tests/h/search/conftest.py	100% <0%> (ø)	⬆️
tests/h/search/query_test.py	98.56% <0%> (+0.22%)	⬆️
h/search/query.py	96.63% <0%> (+0.29%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e9f6143...68828d1. Read the comment docs.

[robertknight]

LGTM. Is the plan to ultimately support X-Forwarded-User for all APIs that can be invoked as a specific user or only a subset?

[lyzadanger]

@robertknight

LGTM. Is the plan to ultimately support X-Forwarded-User for all APIs that can be invoked as a specific user or only a subset?

Something we should discuss! There are no immediate plans to add X-Forwarded-User to any existing endpoint and I won't extend its use without us having a strategic conversation.