NTS doc updates
This includes a simple removal of a duplicated paragraph I noticed, but the main change is the addition of my thoughts on certificate validation and the "suspect" peers idea from the mailing list. I tried to flesh this out a little bit more by looking at the OpenSSL documentation. Note that I have not written C code using OpenSSL (at least nothing working with certificates), so this should be taken with a big grain of salt. But I figured more specifics might save the implementer(s) some time.