follow up to resolve #112 and #295

Not sure I understand this. What do you mean with

MAY reject a particular cryptographic suite or the corresponding protected artifact

Can they refuse the use of ECDSA with P-256 and SHA-256?

Originally posted by @javereec in #295 (comment)

full text was

Although support for the above algorithm is mandatory, an Issuer, Verifier, or Wallet MAY reject a particular hashing algorithm or the corresponding protected artifact if there are reasonable security, privacy, or policy concerns (e.g., suspected compromise or non-compliance). Such decisions are out of scope of the algorithm requirements but can be necessary in real-world deployments.