Add feature to config system that expresses acceptable authentication methods and validate against it

[dlongley]

We need to do a better job of validating the required authentication methods set on an account against those that the application supports. One way to do this would be to add their names to the config system in a supportedAuthenticationMethods map (with true/false values) -- and then check for these when validating requests to set the required authentication methods on an account.

[mattcollier]

I see that event listeners are being added in code to top level applications. Could it be that we want to employ the plugin strategy for handling this instead? So there would be a collection of bedrock-authn-token-{method} modules that register the module and allow for customization of behavior via the Bedrock config? In this environment, the validation of the supportedAuthenticationMethods would involve ensuring that a corresponding handler has been installed for each method.

[dlongley]

Supported authentication methods should also indicate the type of token they are bound to so this can be checked -- preventing misuse of token type A with authentication method that requires token type B.