Provide feedback on AsyncAPI v3 security scheme at operation vs server

[jfallows]

AsyncAPI definition requires redefining security scheme to enforce a subset of roles for a specific operation.

Propose alternative to simplify authoring security.