Accept Bearer or bearer authentication scheme

[pzingg]

Other applications that I am using require the Authorization header to have the form Authorization: Bearer token, and this is what the RFC for OAuth 2.0 says is the correct spelling. This pull request allows either the lowercase bearer scheme (existing code) or the capitalized Bearer scheme (which is expected by RFC 6750).

See discussion at https://sgeb.io/posts/2015/05/fix-go-oauth2-case-sensitive-bearer-auth-headers/