Function token_from_headers 

pub fn token_from_headers(headers: &HeaderMap) -> Option<String>

Extract the bearer token from Authorization: Bearer <t> or the X-API-Key header.