[Slim] Add ApiKey and OAuth authentication middleware

Merged Administrator requested to merge github/fork/ybelenko/slim_token_authentication into master Oct 09, 2018

Created by: ybelenko

PR checklist

  • Read the contribution guidelines.
  • Ran the shell script under ./bin/ to update Petstore sample so that CIs can verify the change. (For instance, only need to run ./bin/{LANG}-petstore.sh and ./bin/security/{LANG}-petstore.sh if updating the {LANG} (e.g. php, ruby, python, etc) code generator or {LANG} client's mustache templates). Windows batch files can be found in .\bin\windows\.
  • Filed the PR against the correct branch: master, 3.4.x, 4.0.x. Default: master.
  • Copied the technical committee to review the pull request if your PR is targeting a particular programming language.

Description of the PR

First of all, that feature is authentication only. It contains token/apiKey parsing and its validation. It doesn't contain token signing and all tasks related to authorization yet.

I've checked all secured endpoints with fake petstore spec. It turns out that some servers ignore HTTP headers with underscores, so header api_key doesn't work, while api-key/apikey works.

There is an official list of Slim middlewares.

Slim OAuth middleware looks like overkill to me, so I've ended up with my fork of Slim token authentication.

✔ Maybe we should deprecate Slim Basic Authentication package and do all the job with Slim token authentication, to make implementation more consistent and reduce dependency list.

✔ I've decided to move so-called authenticators into external PHP classes. Three classes BasicAuthenticator, ApiKeyAuthenticator and OAuthAuthenticator should extend AbstractAuthenticator. Don't know if it's breaking changes or not. Probably breaking changes with fallback.

cc @jebentier @dkarlovi @mandrean @jfastnacht @ackintosh
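
The parsing-and-validation step described above, as an added PHP sketch that is not code from this merge request or from the Slim token authentication fork. The function names, the accepted header list and the hashed key store are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not part of the generated Slim server.
// "api_key" is deliberately absent from this list: per the description above,
// some servers drop headers containing underscores before PHP sees them.
const API_KEY_HEADERS = ['api-key', 'apikey'];

/** Returns the API key from a header map, or null if absent or ambiguous. */
function extractApiKey(array $headers): ?string
{
    $normalized = [];
    foreach ($headers as $name => $value) {
        // Header names are case-insensitive, so compare in lower case.
        $normalized[strtolower((string) $name)] = trim((string) $value);
    }
    $found = [];
    foreach (API_KEY_HEADERS as $name) {
        if (isset($normalized[$name]) && $normalized[$name] !== '') {
            $found[] = $normalized[$name];
        }
    }
    // Reject requests that send different keys under different spellings.
    if (count(array_unique($found)) !== 1) {
        return null;
    }
    return $found[0];
}

/** Authentication only: is this a known key? No scopes, no authorization. */
function authenticateApiKey(array $headers, array $knownKeyHashes): bool
{
    $key = extractApiKey($headers);
    if ($key === null) {
        return false;
    }
    $digest = hash('sha256', $key);
    $ok = false;
    foreach ($knownKeyHashes as $stored) {
        // hash_equals compares in constant time; every entry is checked.
        $ok = hash_equals($stored, $digest) || $ok;
    }
    return $ok;
}

// Constructed sample data: the store holds SHA-256 digests, not raw keys.
$known = [hash('sha256', 'constructed-sample-key')];
var_dump(authenticateApiKey(['Api-Key' => 'constructed-sample-key'], $known));
var_dump(authenticateApiKey(['apikey' => 'wrong-key'], $known));
var_dump(authenticateApiKey(['api-key' => 'a', 'apikey' => 'b'], $known));
```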
