Clarify supported root key sizes

The table in Section 3.1.20 implies that _only_ 2048-bit RSA roots are allowed. My guess is that it intends to say that roots must be a minimum of 2048 bits, such that 4096 is also acceptable. But the fact that the ECDSA row in the same table lists three named curves explicitly seems to imply that the RSA row is also listing all acceptable key sizes.