Clarify scope in the introduction and the abstract

[malishav]

From John Mattsson's review (https://mailarchive.ietf.org/arch/msg/ace/h85KdNLkMxqzCZjJlY-fGlPEyVw/):

This is probably handled by other drafts, but I think the draft should summarize some very basic high-level things in the introduction. Is the client assumed to have some form of credential before starting EST-oscore. In that case what kind of credential. The whole point of certificates is to bind a public key with an identity. How does the server verify the identity? If things are out of scope, it is often best to state that.

[EskoDijk]

I think the abstract text currently misses the most important aspect: the fact that we're defining an OSCORE-protected version of EST-coaps, i.e. that replaces DTLS with OSCORE.

Other major improvements, if we include those, may be mentioned as well - I'm thinking of the additional CBOR based Content-Format alternatives that were discussed in #34 (but only once these alternatives are ready and included in the content).