[REQ][Spring] Enable scopes for all security scheme types

[kota65535]

Is your feature request related to a problem? Please describe.

In OpenAPI Specification 3.0.x, the list of scope names of Security Requirement Object MUST be empty if the security scheme type is other than oauth2 or openIdConnect. But in 3.1.0, now it MAY contain role names which are required for the execution.

• In 3.0.3

For other security scheme types, the array MUST be empty.

• In 3.1.0:

For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band.

For instance, if we have a operation definition like this:

get:
  operationId: getGreetings
  security:
    - bearer: [ "greetings:read" ]
...

We have the following generated code for each controller now:

    @Operation(
        operationId = "getGreetings",
        security = {
            @SecurityRequirement(name = "bearer")
        }
    ...

But according to OAS 3.1.0, we can have the following generated code:

    @Operation(
        operationId = "getGreetings",
        security = {
            @SecurityRequirement(name = "bearer", scopes={ "greetings:read" })
        }
    ...

Describe the solution you'd like

I've tried custom templates first, but it does not work because the codegen model does not have scope values when security scheme type is other than oauth2 or openIdConnect. So we have to change the generator class to respect the scope values for all security scheme types.

Describe alternatives you've considered

Additional context

I've also made PR swagger-api/swagger-core#4550 to modify the documentation of @SecurityRequirement annotation class to allow the scopes field to have values for all security scheme types.