Add sentence suggesting that Issuer information should be validated by the Receiver (#174)

* Add sentence suggesting that Issuer information should be validated by the Receiver

* Update openid-sharedsignals-framework-1_0.md

Co-authored-by: Tim Cappalli <[email protected]>

---------

Co-authored-by: Tim Cappalli <[email protected]>

Author: FragLegs

openid-sharedsignals-framework-1_0.md

@@ -605,7 +605,8 @@ Transmitter.
 ## Obtaining Transmitter Configuration Metadata
 
 Using the Issuer URL as documented by the Transmitter, the Transmitter Configuration
-Metadata can be retrieved.
+Metadata can be retrieved. Receivers SHOULD ensure that the Issuer URL comes from a
+trusted source and uses the `https` scheme.
 
 Transmitters supporting Discovery MUST make a JSON document available at the
 path formed by inserting the string "/.well-known/ssf-configuration" into the