Specify what kind of processing is safe on a returned document

[msporny]

@jyasskin wrote in https://github.com/w3c/vc-data-model/pull/1380#issuecomment-1854488841:

Another possible requirement (that might make sense to discuss in a separate issue) is that the securing specification should/must say what kind of processing is safe on the returned document. In particular, if the securing mechanism secures the JSON representation, like vc-jose-cose and ecdsa-jcs-2019, then it's not safe to subsequently process the document with a generic JSON-LD processor because some of the contexts might have changed since the signature was made. On the other hand, if the securing mechanism secures the RDF, like ecdsa-rdfc-2019, then it's not safe to subsequently process the document as JSON, because it's possible to move properties into unexpected other objects without breaking the signature, and the JSON processor might miss something the issuer needed them to find.

H/T https://medium.com/@markus.sabadello/json-ld-vcs-are-not-just-json-4488d279be43 and see w3c/vc-jose-cose#188.

[msporny]

This is probably not the right place to track this issue. It's now being tracked here: https://github.com/w3c/vc-data-model/issues/1388