Issue
As per discussion with the Matrix.org security team, notary responses are only signed for compatibility with very old versions of Synapse.
This is superfluous as the TLS connection already authenticates the response.
Notably, for backwards compatibility matrix.org still signs these responses with their old `ed25519:auto` key, even though it's marked as expired.
AFAIK, Conduit and Dendrite don't implement these key query routes at all.
Link to problem area: https://spec.matrix.org/v1.11/server-server-api/#querying-keys-through-another-server