Based on @EskoDijk’s review in https://mailarchive.ietf.org/arch/msg/ace/I70MHcCzSfPIy28lDqxEOcllgJw/:

3.2 Certificate-based Authentication

… client SHOULD populate its Explicit TA database …

There’s a requirement on the client here, but what should the client do concretely? Are there some details needed on how to do this? And with whom are the “subsequent authentications” made: only with EST servers, or with any servers/peers in the domain? (If it concerns the EST server, then it’s in scope of this spec.)

And what are the exception cases of the SHOULD? It’s also not so clear here how this requirement differs from the RFC 9148 requirements on the Explicit and Implicit TA databases.

Reference the text from RFC 9148 on Implicit/Explicit TA database requirements and how they are populated (Section 9.1 of RFC 9148 and Section 9.2 of RFC 9148).