Add footnote about actor/keyId resolution during HTTP Signature processing

[mjankowski]

Resolves https://github.com/mastodon/documentation/issues/1431

This page was actually improved quite a bit since the original issue, but I think the nuance around this one detail is still missing. This is essentially a verbatim copy/paste from the issue into what I think is a relevant portion of the spec description/guide.

I contemplated whether this was most appropriate on this security page or the AP spec page, and opted for here. Don't feel strongly though, could move.

[andypiper]

Requesting an additional review from @oneiros or @ClearlyClaire just to double-check here, thanks.