Spec with multiple alternate security schemes fails request when one is missing #80

@TristanSpeakEasy

Consider this spec:

openapi: 3.1.0
info:
  title: Test
  version: 0.1.0
security:
  - xApiKey: []
  - apiKey: []
paths:
  /test:
    get:
      responses:
        '200':
          description: OK
components:
  securitySchemes:
    xApiKey:
      type: apiKey
      in: header
      name: x-api-key
    apiKey:
      type: apiKey
      in: header
      name: Authorization

This error is returned when making a request:

{"type":"https://pb33f.io/wiretap/error","title":"unable to serve mocked response","status":401,"detail":"apiKey not found, no `x-api-key` header found in request"}

The sent request had the Authorization header set but not the x-api-key header.

But the security:

security:
  - xApiKey: []
  - apiKey: []

defines that either xApiKey OR apiKey can be sent.

An AND relationship is defined like so:

security:
  - xApiKey: []
    apiKey: []
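
The OR/AND semantics described in this issue, as an added Go example (not wiretap's code and not part of the original report). It assumes only `type: apiKey, in: header` schemes, as in the spec above; `Requirement` and `Authorized` are hypothetical names, and the header value is a constructed sample.

```go
package main

import (
	"fmt"
	"net/http"
)

// Requirement is one entry of the OpenAPI `security` list: scheme name -> scopes.
type Requirement map[string][]string

// Authorized applies OpenAPI semantics: schemes inside one Requirement are ANDed,
// entries of the list are ORed. schemes maps a scheme name to its header name
// (assumption: only `type: apiKey, in: header` schemes, as in the issue's spec).
func Authorized(reqs []Requirement, schemes map[string]string, h http.Header) (bool, []string) {
	if len(reqs) == 0 {
		return true, nil // no security declared
	}
	var failures []string
	for _, req := range reqs {
		reason := ""
		for name := range req { // an empty {} entry passes: anonymous access
			header, defined := schemes[name]
			if !defined {
				reason = "undefined scheme " + name // fail closed
			} else if h.Get(header) == "" {
				reason = fmt.Sprintf("%s: no `%s` header", name, header)
			}
			if reason != "" {
				break
			}
		}
		if reason == "" {
			return true, nil // one alternative fully satisfied
		}
		failures = append(failures, reason)
	}
	return false, failures // reject only after every alternative failed
}

func main() {
	schemes := map[string]string{"xApiKey": "x-api-key", "apiKey": "Authorization"}
	h := http.Header{}
	h.Set("Authorization", "constructed-sample-key") // request from the issue
	or := []Requirement{{"xApiKey": {}}, {"apiKey": {}}}
	and := []Requirement{{"xApiKey": {}, "apiKey": {}}}
	okOr, _ := Authorized(or, schemes, h)
	okAnd, why := Authorized(and, schemes, h)
	fmt.Println("OR:", okOr, "AND:", okAnd, why)
}
```

A 401 is only correct once every alternative in the list has failed, and the error is more useful when it reports all of them rather than the first one checked.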

Labels: bug (Something isn't working)
