Ignore security requirement, look at custom securityScheme instead

Since the `security` requirement in the root of an OAD will often set to e.g. 'Bearer' to specify the access-time credentials requirement, we don't want to override that. Instead, we add a `securityScheme` entry and explicitly refer to that at execution time.

Note that this code is still in early development and insights may change, to this may change in future versions!