Allow access tokens to be gathered as parameters too
The current code only allows bearer tokens to be read from the headers. Since applications (see lemur) can use the params for the token. This will augment the compatibility of lemonLdap in the openidconnect case