Explicitly define auth protocol in protocol document

[bleggett]

Proposed Changes

Change type: PATCH

• Pull the auth protocol bits out of the existing docs (ClaimsObject, etc), clarify them, and make them part of the top-level Protocol document.
• Fix small inconsistency in example openAPI docs.

Checklist

• A clear description of the change has been included in this PR.
• A clear description of whether this change is a Major, Minor, Patch or cosmetic change as per the Versioning Guidelines has been included in this PR.
• All schema validation tests have been updated appropriately and are passing.
• This change otherwise adheres to the project Contribution Guidelines.

[dmihalcik-virtru]

To be a PATCH this should deprecate the clientPayloadSignature, not replace it, otherwise this is arguably a major revision (clients with the same major revision should be backwards compatible)

You can say Deprecated, servers MAY allow this request when used, subject to configuration, instead of MUST

[bleggett]

@dmihalcik-virtru The OpenAPI spec is an example of An Implementation - not part of the spec. I should move it to examples. What an implementer calls this field in their schema is not defined in the spec, as that's an implementation detail.

The major spec version bump to 4 already introduced the general requirement for a payload signature, so this is not a new requirement. I'm just syncing the name of the field in the example OpenAPI spec we include.

Current openTDF implementations all use signedRequestToken already, and the example OpenAPI spec here had a mismatch on the name, so that's why it's just a patch.