Validate that Security Requirements are Defined

[dillonredding]

User story.
As an API designer, when I define a security requirement at the top-level, or for an operation, then I want it to be defined in the securitySchemes components.

Is your feature request related to a problem?
According to the OAS for security requirement objects:

The name used for each property MUST correspond to a security scheme declared in the Security Schemes under the Components Object.

However, spectral raises no errors for the follow OpenAPI doc:

openapi: 3.0.2
info:
  title: Foo API
  version: 0.0.0
security:
  - foobar: [] # undefined and therefore invalid
paths: {}

Describe the solution you'd like
I would like spectral to validate that all declared security requirements are defined as per the OAS requirement.

[ioggstream]

Any news on that?

[ioggstream]

I stubbed a custom function implementation based on the current oasOpSecurityDefined https://github.com/italia/api-oas-checker/pull/482/files#diff-02327926eb1e6d9b33c3d62bd55da90506c59ad3f913f7431785468be07bd713

Does make sense to you to add something like this in spectral? It is probably an easy feature to add...

[dillonredding]

@ioggstream
Definitely seems like the base/default spectral rules should account for the core OAS.