Activities security

@plup this issue is the reference in the Trust spec summarised below:

Security of S2S exchanges (based on AP good practices and HTTP Signatures of servers)

The HTTP signatures part of this sentence is covered by djangoldp-packages/djangoldp#236

What remains is "AP good practices", and "everything else" about ActivityStreams security. Can I assign this to you please to scope it?

Issues which are already open and I think are relevant:

• #26
• #12
• #5
• djangoldp-packages/djangoldp#235
• djangoldp-packages/djangoldp#254