Clarify that context integrity protection happens when fetching/caching

[msporny]

From the SING review:

@context integrity verification – clarified that integrity protection should occur during context resolution/caching rather than at every use.

Observation:
The specification implies that context integrity should be verified at every use of the DID Document. SING discussions clarified that in practice, integrity verification occurs primarily at the implementation layer, during context resolution or caching not per operation.

Therefore, it is advisable to ask those who use the DID method to specify the hash of the linked files, as was done for VCDM https://www.w3.org/TR/vc-data-model-2.0/#base-context.

Implementations MUST treat the base context value, located at https://www.w3.org/ns/credentials/v2, as already retrieved; the following value is the hexadecimal encoded SHA2-256 digest value of the base context file: 59955ced6697d61e03f2b2556febe5308ab16842846f5b586d7f1f7adec92734. It is possible to confirm the cryptographic digest above by running the following command from a modern Unix command interface line: curl -s https://www.w3.org/ns/credentials/v2 | openssl dgst -sha256.

[msporny]

A PR should be raised that gives the DID Context similar treatment to VC Data Model and urges DID Method specs to do the same.