The CI currently runs a step which is validating swagger annotations - specifically the `Security` tag - https://github.com/coder/coder/blob/main/coderd/coderdtest/swaggerparser.go#L302 For now, the tag has to be set to `CoderSessionToken` without allowing any other option, excepted ignoring the whole endpoint. Having some endpoints that are using PSK or ProvisionerKey - we need to be able to put these options too.