doc: DANE: don't claim TA can be elided from chain

doc: DANE: don't claim TA can be elided from chain

While technically an implementation can choose to use a public TA from
DNS or elsewhere to populate a missing TA from the chain, that creates
interoperability issues and the OpenSSL integration code, at least,
doesn't support that and after a bit of work drilling through layers of
abstraction, I've not figured out what GnuTLS does and I've decided I
don't care.

So I'm heeding Viktor's advice and changing the docs to just say to
publish the TA in the chain sent by the server.