Improve init() documentation and point to ulimit for errors

src/vmod_gcrypt.vcc

@@ -156,9 +156,15 @@ created; details below.
 With ``INIT_SECMEM``, you can configure the size of the secure memory
 pool to ``n`` bytes (the ``n`` parameter is ignored for the other
 ENUMs). The data type for ``n`` is BYTES, so the value must be written
-with a suffix such as B or KB. Secure memory is enabled by default and
-set to a default size (32 KiB in libgcrypt 1.6.3), so you don't have
-to call ``init()`` with ``INIT_SECMEM`` to use the default.
+with a suffix such as B or KB. Secure memory is enabled by default
+and, if configured, a minimum size is enforced by libgcrypt (32 KiB in
+libgcrypt 1.6.3), so you don't have to call ``init()`` with
+``INIT_SECMEM`` to use the default.
+
+The most likely cause for ``INIT_SECMEM`` to fail with ``Cannot
+initialize secure memory ... gcrypt/General error`` is that locking
+the memory failed. In this case ensure that the resource limits are
+configured appropriately (check ``ulimit -l``).
 
 Setting ``n`` to 0B with ``INIT_SECMEM`` disables secure memory, and
 hence has the same effect as calling ``init(DISABLE_SECMEM)``. If