I have had various people asking, and to me it felt like an obvious answer, but as multiple have asked over the past couple of month I figured I would dedicate a post to it. The question is if it is supported to run the vSAN Witness Appliance for a 2 Node vSAN configuration on the 2 Node vSAN Configuration itself, but then with vSphere SMP-FT enabled on the Witness for extra protection.
The short answer: No, this is not supported.
The slightly longer answer: No, this is not supported. The vSAN Witness needs to run outside of the vSAN cluster it is acting as a witness for. The reason for this is fairly straight forward: Just imagine the vSAN hosts are partitioned and cannot talk to each other, yet both may have access to the Witness as a result of FT doing what it is designed to do. But those are different instances of the same Witness, which potentially can lead to all sorts of strange problems.