Lay out a strategy for OpenAPI integration

We have a basic implementation in place now for validating API requests and responses against our specification. Now let's look into what other opportunities are available to leverage the specification and decide what would provide enough value to pursue.

Consider the following per #3466555-11: Also validate request bodies against the OpenAPI spec → :

Document where the exact cut-off lies of where OpenAPI validation ends (i.e. request/response shape validation) and "real" validation (i.e. content/config entity validation that inspects the actual values used, the "foreign keys" if you will)