clarify that ecosystems can define certificate profiles for x509_hash

[awoie]

clarify that ecosystems can define certificate profiles for x509_hash
fixes #224

[jogu]

Should be updated to consider the change just merged in #262

[Sakurann]

personally, I don't think any adjustments are needed to this PR even after #262 is merged. this one gives the basic info the reader needs to know about x509_hash and 262 gives larger guidance for the ecosystems in terms of validation.

we could move text in 262 (quoted below to facilitate the disucssion) to the bullet point edited in this PR, but don't think it is strictly necessary.

Note that while this document does not define profiles for X.509 certificates used in Verifier authentication (e.g., with the x509_hash Client Identifier Prefix), ecosystems are encouraged to define their own certificate issuing policies and certificate profiles. Such policies and profiles MAY specify how information in the certificate corresponds to information in the presentation flows. For example, an ecosystem might require that the Wallet verifies that the redirect_uri, response_uri, origin, or expected_origin request parameters match with information contained in the Verifier's end-entity certificate (e.g., its DNS name).