Design the security middleware

[whitlockjc]

The swagger-security middleware in swagger-tools was originally created to drive a127 but the idea was simple enough: allow the API author to register security handlers that would be consulted based on the Swagger document. No more manually wiring security, just update your Swagger document to dictate when and what security is required.

Unfortunately, this middleware does not adhere to standard middleware practices and at a minimum this needs to be resolved. We also might learn a thing or two by looking at passport.js.