auth: add support for "Bearer" auth scheme (API key variant) This allows the API key to be passed in a header instead of the query string, reducing the risk of accidental API key leaks: Authorization: Bearer <api key> The Bearer authorization scheme is standardized in RFC 6750, though used here outside the full OAuth 2.0 authorization framework. (Full OAuth can still be added later without breaking existing users.)

.. _readme:

.. include:: ./../README.rst