Clarify client flexibility

[simon-friedberger]

It was pointed out in #105 that clients should have flexibility to redact fields. The example given by Martin was to remove server_ip when the connection is likely to be intercepted because it is using a certificate not in the default trust store.

I think some text explicitly giving clients this flexibility should be added.

[clelland]

@achristensen07 is this a feature that you think would be valuable? You mentioned at TPAC that you'd be interested in redacting some info from NEL reports