lamps-wg / cmp-updates

RFC4210bis and RFC6712bis

Point out that KEM-based message protection is limited to one hop #33

Closed DDvO closed 1 year ago

DDvO commented 1 year ago

When discussing our spec in section 5.1.3.4. etc. with our first implementer @Akretsch, he pointed out an interesting issue that at least I had not noticed before, as he meanwhile wrote in #30:

KEM protection can be used only between two PKI entities (hop to hop) and the protection cannot be validated by third PKI entities (end to end)? So always a reprotection is needed to keep integrity?

I fear that the answer to all three questions is 'yes', and if so, we should point this out in our text.

DDvO commented 1 year ago

As discussed over lunch today, this is a general problem also with other forms of MAC-based protection. It is not something we need to handle at 4210bis level, but should in any update to the LCMPP where so far we assume that (more or less) all PKI entities have/use keys that are capable of signing.
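
The hop-to-hop limitation discussed in this thread, as an added sketch that is not part of the issue comments or of the draft text. It assumes an EE, an RA and a CA; random bytes stand in for two independent KEM shared secrets, HMAC-SHA256 stands in for the negotiated MAC, and `protect`, `verify`, `ra_forward` and `run_hops` are hypothetical names.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

def protect(key: bytes, body: bytes) -> bytes:
    """MAC the body under a key known to exactly two parties."""
    return hmac.new(key, body, hashlib.sha256).digest()

def verify(key: Optional[bytes], body: bytes, tag: bytes) -> bool:
    """Validate protection; a party holding no matching key cannot."""
    return key is not None and hmac.compare_digest(protect(key, body), tag)

def ra_forward(k_ee_ra: bytes, k_ra_ca: bytes, body: bytes, tag: bytes,
               reprotect: bool = True) -> Tuple[bytes, bytes]:
    """Hypothetical RA: check the EE hop, then forward towards the CA."""
    if not verify(k_ee_ra, body, tag):
        raise ValueError("protection from EE did not validate at RA")
    return (body, protect(k_ra_ca, body)) if reprotect else (body, tag)

def run_hops() -> dict:
    # Constructed stand-ins for two independent KEM shared secrets.
    k_ee_ra = secrets.token_bytes(32)   # known to EE and RA only
    k_ra_ca = secrets.token_bytes(32)   # known to RA and CA only
    body = b"constructed request body"
    tag = protect(k_ee_ra, body)        # EE protects for the RA

    # Forwarded unchanged: the CA has no key that validates the EE's tag.
    b1, t1 = ra_forward(k_ee_ra, k_ra_ca, body, tag, reprotect=False)
    # Reprotected: the CA validates, but only the RA-to-CA hop.
    b2, t2 = ra_forward(k_ee_ra, k_ra_ca, body, tag)
    return {
        "ca_validates_original": verify(k_ra_ca, b1, t1),
        "ca_without_key": verify(None, b1, t1),
        "ca_validates_reprotected": verify(k_ra_ca, b2, t2),
        "reprotected_tag_differs": t1 != t2,
    }

if __name__ == "__main__":
    for name, value in run_hops().items():
        print(f"{name}: {value}")
```

The reprotected message validates at the CA only because the RA vouches for it: the CA's check binds the body to the RA's key, not to the EE.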