This restriction is currently raised when a member first tries to active, which is early enough to avoid impact to the consensus, but not user friendly.

Instead, CCF should check (and raise an error if needed) in two places:

1. In the start config when members are provided there
2. In the validate() call for set_member

In addition, the doc should make clear why EC keys are not supported for this purpose.