Make security scheme case-insensitive

As per @simranbentel in #67, It is common for the security `scheme` for `bearer` auth to be capitalized as `Bearer`. Looking in to this, a comment in OAI/OpenAPI-Specification#1876 noted that according to RFC7235, the authentication scheme is a case-insensitive token.

We should update our scheme detection code to reflect this.