Error is generated if a `securitySchemes` entry in the `Components Object` is a reference

[elize-vdr]

Description of the bug
When a securitySchemes entry is a $ref then an error is generated. According to the OpenApi V3.0.1 this is allowed.

Example
Here is the securitySchemes definition in the components object in our OpenApi spec:

components:
  securitySchemes:
    OAuth2:
      $ref: 'common-definitions_v4.yaml#/components/securitySchemes/OAuth2'
    PersonalAccessTokens:
      $ref: 'common-definitions_v4.yaml#/components/securitySchemes/PersonalAccessTokens'

The following 2 errors are generated:

$ref is not a valid property at #/components/securitySchemes/OAuth2
$ref is not a valid property at #/components/securitySchemes/PersonalAccessTokens

Expected behavior
The above securitySchemes definition with $ref should not generated the above error. According to OpenApi V3.0.1 spec this is allowed, quoting from the spec:

securitySchemes    |    Map[string, Security Scheme Object / Reference Object]     |     An object to hold reusable Security Scheme Objects.

[darrelmiller]

Thank you for reporting this. I agree this is a bug.