Refine assertions around 3xx redirect responses #246

Closed
benfrancis opened this issue Jul 14, 2022 · 3 comments
@benfrancis
Member

PR #194 added an assertion to section 7.2.8.3 Error Responses which disallows 3xx redirect responses by Web Things in order to close issue #151.

Disallowing 3xx responses altogether may conflict with assertions in section 7.1.2 Security Bootstrapping of the WoT Discovery specification, which defines circumstances under which 302 and 303 responses MUST be used.

I see that an Editor's Note was already added by @mmccool in 93ac9b4 which highlights this potential conflict, but I couldn't find an issue tracking it, which is why I've filed this one.

Note that there's also an editor's note I previously added about 3xx redirect responses which will also need removing once this is resolved.

@benfrancis
Member Author

Note that the assertions in WoT Discovery are in the context of security bootstrapping, which is about getting access to the Thing Description itself, rather than the endpoints described in Forms necessarily.

However, the same conflict could equally apply to any Thing which uses the OAuth2SecurityScheme with the code flow in its Thing Description, which would apply to the operation endpoints used in WoT Profile's protocol bindings.

It's possible there may be other use cases for 3xx responses too, such as the one I described in #194.

@mlagally
Contributor

Arch call on July 20th:
Agree to remove the 3xx assertion in the current form, also the editorial notes.
The discussion in this issue should still review whether the behavior of a consumer of 3xx is unambiguously specified in the HTTP spec.
"300 multiple choices" may need additional clarifications.
Check corresponding section in https://datatracker.ietf.org/doc/html/rfc7231

@benfrancis
Member Author

Another valid use case of 3xx responses is redirects which strip a trailing slash from a URL, e.g. from /properties/ to /properties.

benfrancis added a commit to benfrancis/wot-profile that referenced this issue Aug 17, 2022
benfrancis added a commit to benfrancis/wot-profile that referenced this issue Aug 31, 2022
benfrancis added a commit to benfrancis/wot-profile that referenced this issue Aug 31, 2022
mlagally added a commit that referenced this issue Aug 31, 2022
Refine assertions around 3xx redirect responses - closes #246