Describe the bug
According to the Operation Object description, The security property should be treated differently depending on whether it was missing or explicitly set to an empty array. If it was an empty array, it should clear the root level security property declaration. If it wasn't provided, the root level declaration applies to the operation.

OpenApi File To Reproduce

openapi: 3.0.0
info:
  title: test
  version: "1.0"
paths:
  /test:
    get:
      description: description for test path
      responses:
        '200':
          description: test
      security: [] #<---- this operation should not use any security. if we remove this, the operation will use the root level security declaration
security:
- apiKey0: [] #<---- root level security declaration
components:
  securitySchemes:
    apiKey0:
      type: apiKey,
      name: x-api-key,
      in: header

Expected behavior

If the security property is not provided, the value in the library should be null to allow differentiating between missing and empty properties. Another alternative is to allow checking if a property was provided in the document.

Screenshots/Code Snippets

N/A

Additional context