* add allowed_response_headers and plugin_version to auth method config * add user_lockout_config to auth tune * add changelog; * update test * add test
