Read-only fields in request body - ignore vs. 400

Cause client never know which of attributes are read-only.

They’d certainly know which field was read-only; permanently read-only fields would be documented, and the returned error object would also contain the prohibited field in pointer.