Improve explanation of Identifiable Aborts

[real-or-random]

• For example, it currently doesn't say anything about blaming the aggregator. If we keep the InvalidContributionError, then we should elaborate in the text.
• Also, it currently says "This standard specifies a partial signature verification algorithm to identify disruptive signers. It is incompatible with third-party nonce aggregation because the individual nonce is required for partial verification." That's not entirely true. The aggregator can still identify disruptive parties. We could also refer to ROAST now for a more formal discussion of IA.
• "All the aggregator node can do is prevent the signing session from succeeding by sending out incorrect aggregate nonces." It can also send a wrong final sig.

Originally posted by @real-or-random in #9 (comment)

[real-or-random]

Let's first try to merge #21, then I can take care of this.

[real-or-random]

The first two points have been solved by #67.

"All the aggregator node can do is prevent the signing session from succeeding by sending out incorrect aggregate nonces." It can also send a wrong final sig.

Indeed, and at the moment we don't mention at all that that the aggregator can also be used in the second round. We should probably do this.

[real-or-random]

Remaining point solved by #70