fix: address 3 PARTIAL plan items
#15 @context security vocab: actor JSON now uses actor_ap_context() which includes W3C security vocab + Mastodon toot extensions (manuallyApprovesFollowers, discoverable, featured). Applied to actor_handler, actor_json(), broadcast_actor_update(). Activity JSON keeps plain AS context (no security vocab needed).

#17 HTTP Digest (documented, no code change): production mode (debug=false) REQUIRES Digest header on inbound POSTs via require_digest() in the non-compat normalization config. Added doc comment to ApFederationConfig::new() to clarify.

#26 Integration tests: 3 new tokio tests in src/tests/integration.rs using in-memory trait stubs. Tests cover:
- check_guards idempotency (duplicate activity rejected)
- check_guards domain block (blocked domain skipped)
- extract_and_dispatch_mentions (on_mention called for local actor)
@@ -18,6 +18,15 @@ impl UrlVerifier for PermissiveVerifier {
|
||||
pub struct ApFederationConfig(pub FederationConfig<FederationData>);
|
||||
|
||||
impl ApFederationConfig {
|
||||
/// Create a new federation config.
|
||||
///
|
||||
/// **HTTP signature / Digest behavior:**
|
||||
/// - Production (`debug = false`): strict normalization + **requires `Digest` header** on every
|
||||
/// inbound POST. All major AP implementations (Mastodon, Pleroma, Pixelfed) include it.
|
||||
/// - Debug (`debug = true`): relaxes Digest requirement, disables signature verification,
|
||||
/// and accepts any URL. **Never use in production.**
|
||||
///
|
||||
/// Outbound signing always uses Mastodon compat mode regardless of this flag.
|
||||
pub async fn new(data: FederationData, debug: bool) -> anyhow::Result<Self> {
|
||||
let config = if debug {
|
||||
FederationConfig::builder()
|
||||
|
||||
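Review bot: The `debug: bool` parameter of `ApFederationConfig::new()` is documented here as disabling signature verification, relaxing the Digest requirement and accepting any URL, yet a call site shows only a bare `true` or `false`, which is easy to get wrong or to leave behind after local testing. Consider a two-variant enum or a separately named constructor for the insecure mode so the choice is visible where it is made, and log a warning whenever that mode is active. The doc comment also promises that production requires a `Digest` header on every inbound POST, while the commit message lists no test for it; a test asserting that a POST without `Digest` is rejected when `debug = false` would keep the comment and the behavior from drifting apart.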