Deprecating Security Schemes #2506
Description
Case study: GitHub. They support access token through the query string but they're deprecating and removing support for that. They'd like folks to stop using it, and are recommending people move over to other security schemes like HTTP basic or OAuth2. They've been sending out emails when people hit it, writing it in human-docs, and blogs, etc., but OpenAPI could help them out here too.
So far, no way to deprecate a security scheme.
We should be able to use deprecated: true on a security scheme just like on an operation or property.
Yes? I'll make a PR if some thumbs appear.