feat: support ASP.NET policy authorization on endpoints

[tmeckel]

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-8.0

Must support

[Authorize(Policy = "AtLeast21")]
public class AtLeast21Controller2 : Controller
{
    [Authorize(Policy = "IdentificationValidated")]
    [Authorize(Policy = "CountryUS")]
    public IActionResult Index() => View();
}

Use vendor extension x-aspnetcore-authorize-policy (array)