Implement some of the OpenAPI resolution logic

[gampleman]

OpenAPI spec defines a specific order of how various options are resolved. For instance, if you want to figure out which servers a specific operation is allowed on, than you first check if there are servers defined on the operation, then on the path and finally on the top level.

I think security works in a similar way (albeit there is also a gotcha where if the security object is declared but empty, it means "no security" rather than just inheriting it).

It would be quite neat if the package could do this sort of resolution logic without consumers having to implement it themselves (this would also save on having to read the spec AND having to understand how this package works alongside #8).

[gampleman]

I should probably explain what I'm trying to do and why this is relevant:

I'm trying to import an OpenAPI spec into our platform. I'd ideally just want to iterate through all the operations and get all the required information I need to construct the requests for that operation neatly bundled up. I don't particularly want to traverse the OpenAPI object manually collecting all the info.

[adamdicarlo0]

Relatedly, #11 makes it possible to implement the security resolution logic.