Parse OAS3 HTTP-Auth schemes case-insensitively

According to the authors of the OAI spec (OAI/OpenAPI-Specification#1880 (comment)), schemes are case-insensitive. Even if they were not, the current checks against lowercase versions of scheme names do not match the IANA registry's canonical versions (https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml#table-authschemes), which are "Basic" and "Bearer".

Author: asazernik

src/execute/oas3/build-request.js

@@ -147,14 +147,15 @@ export function applySecurities({request, securities = {}, operation = {}, spec}
           }
         }
         else if (type === 'http') {
-          if (schema.scheme === 'basic') {
+          const scheme = schema.scheme?.toLowerCase()
+          if (scheme === 'basic') {
             const username = value.username || ''
             const password = value.password || ''
             const encoded = btoa(`${username}:${password}`)
             result.headers.Authorization = `Basic ${encoded}`
           }
 
-          if (schema.scheme === 'bearer') {
+          if (scheme === 'bearer') {
             result.headers.Authorization = `Bearer ${value}`
           }
         }