chore: improve validation of Security tag in swaggerparser (#15660)

Aims to resolve #15605 

There's currently one option valid for the `@Security` tag in
swaggerparser - which fails in the CI if we try to put any other value.

At least one of our endpoints does not accept `CoderSessionToken` as an
option for the authentication and so we need to add new possibilities in
order to keep the documentation up-to-date.

In this PR , I added `ProvisionerKey` which is the way our provisioner
daemon can authenticate to the backend - also modified a bit the code to
simplify other options later.

coderd/apidoc/docs.go

@@ -3642,7 +3642,7 @@ const docTemplate = `{
             "get": {
                 "security": [
                     {
-                        "CoderSessionToken": []
+                        "CoderProvisionerKey": []
                     }
                 ],
                 "produces": [

coderd/apidoc/swagger.json

@@ -3208,7 +3208,7 @@
 			"get": {
 				"security": [
 					{
-						"CoderSessionToken": []
+						"CoderProvisionerKey": []
 					}
 				],
 				"produces": ["application/json"],

coderd/coderdtest/swaggerparser.go

@@ -300,6 +300,11 @@ func assertPathParametersDefined(t *testing.T, comment SwaggerComment) {
 }
 
 func assertSecurityDefined(t *testing.T, comment SwaggerComment) {
+	authorizedSecurityTags := []string{
+		"CoderSessionToken",
+		"CoderProvisionerKey",
+	}
+
 	if comment.router == "/updatecheck" ||
 		comment.router == "/buildinfo" ||
 		comment.router == "/" ||
@@ -308,7 +313,7 @@ func assertSecurityDefined(t *testing.T, comment SwaggerComment) {
 		comment.router == "/users/otp/change-password" {
 		return // endpoints do not require authorization
 	}
-	assert.Equal(t, "CoderSessionToken", comment.security, "@Security must be equal CoderSessionToken")
+	assert.Containsf(t, authorizedSecurityTags, comment.security, "@Security must be either of these options: %v", authorizedSecurityTags)
 }
 
 func assertAccept(t *testing.T, comment SwaggerComment) {