fix: ensure bearer_token respects token_from #1189

Open
wants to merge 1 commit into
base: master
@TamerShlash TamerShlash commented Sep 20, 2024

The Problem

The bearer_token authenticator always returns 401 when providing any token_from option. The reason is that the token is indeed detected, and therefore the authenticator is deemed responsible, but the token is not actually passed forward to the session store in the Authorization header as the instructions here and here say should be done.

The only exception when it does work is when using the default Authorization: bearer <session-token> option (i.e., not specifying token_from at all), because the Authorization header is forwarded anyways as you can see here:

c.ForwardHTTPHeaders = append(c.ForwardHTTPHeaders, []string{header.Authorization}...)

This PR fixes that by making sure to set Authorization: bearer <token> for the request going to the sessions store if a token is detected.

Is It Breaking?

No, it should not be.

Related issue(s)

#1144

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

@TamerShlash TamerShlash changed the title from "Ensure bearer_token Respects token_from" to "fix: Ensure bearer_token Respects token_from" Sep 20, 2024
@TamerShlash TamerShlash changed the title from "fix: Ensure bearer_token Respects token_from" to "fix: ensure bearer_token respects token_from" Sep 20, 2024
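
The behaviour described in this PR, as a minimal sketch added here for illustration; it is not the PR's diff or the project's code. TokenFrom, extractToken, sessionStoreHeaders and the fixed flag are hypothetical names, the host and token are constructed, and only the header and query-parameter locations are modelled.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// TokenFrom models the token_from option (field names are assumptions).
type TokenFrom struct{ Header, QueryParameter string }

// extractToken reads the token from the configured location, else from a Bearer Authorization header.
func extractToken(r *http.Request, tf *TokenFrom) string {
	if tf != nil && tf.Header != "" {
		return r.Header.Get(tf.Header)
	}
	if tf != nil && tf.QueryParameter != "" {
		return r.URL.Query().Get(tf.QueryParameter)
	}
	scheme, tok, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if ok && strings.EqualFold(scheme, "bearer") {
		return tok
	}
	return ""
}

// sessionStoreHeaders returns the headers sent to the session store for one incoming request.
func sessionStoreHeaders(in *http.Request, tf *TokenFrom, fixed bool) (http.Header, error) {
	token := extractToken(in, tf)
	if token == "" {
		return nil, fmt.Errorf("no token found: authenticator is not responsible")
	}
	out := http.Header{}
	if v := in.Header.Get("Authorization"); v != "" {
		out.Set("Authorization", v) // reported behaviour: only this header is forwarded
	}
	if fixed {
		out.Set("Authorization", "Bearer "+token) // send the token that was actually detected
	}
	return out, nil
}

func main() {
	in, _ := http.NewRequest("GET", "http://gateway.example/?session=constructed-token", nil)
	for _, fixed := range []bool{false, true} {
		h, _ := sessionStoreHeaders(in, &TokenFrom{QueryParameter: "session"}, fixed)
		fmt.Printf("fixed=%v Authorization=%q\n", fixed, h.Get("Authorization"))
	}
}
```

In this sketch the fixed path also overwrites any Authorization header the client sent, so the session store validates the same token that made the authenticator responsible.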