Refactor auth handling wrapper

This MR refactors the authentication wrapper authentication.validate to make it easier to maintain. This effectively defines an 'api' for authentication types where they need to provide a '_request_has_xxx()method and a_validate_xxx()` method.

This also improves the error handling by attempting all authentication methods, and only if they all fail do we return the first error encountered. This should enable users who have an invalid scitoken but a valid X.509 cred to gain access.