Add challenges response used when the client does not have a token
Need to add the AuthorizationDetails endpoint capability which has the information the client needs to find the authorization server and get a bearer token.
Also add the challenges field to AuthorizeResponse (which is the same information that is specified in an endpoint's AuthorizationDetails endpoint capability).
Can add a new environment variable with the bearer auth param.
See ETP specs for details.