Document security considerations
A general statement about security seems appropriate, in addition to some specific comments:
- The VMOD implements HMAC with SHA3_*, but the "double hashing" isn't necessary, since SHA3 is not vulnerable to length extension attacks. It's sufficient to just concatenate the key with a message (initialize a digest object with the key in vcl_init).
- MD5 and SHA1 are for legacy, and should not be used in new code.
- CRC32 isn't crypto.