Specify DIDAuth requirement on holder implementations.

Co-authored-by: Mike Varley <mavarley@gmail.com>

index.html

@@ -486,7 +486,7 @@ <h3>The DID Authentication Response Format</h3>
         </table>
 
         <p class="advisement">
-It is vital that an implementation checks the `domain` provided by the
+It is vital that a <a>holder</a> implementation checks the `domain` provided by the
 `verifier` against the domain used for the current channel of communication. If
 this is not done, a dishonest <a>verifier</a> could then replay the message
 to a domain that is not their own. For example, a dishonest <a>verifier</a>