core/crypto: Add more documentation about assumptions (NFC)

core/crypto/README.md

@@ -14,6 +14,14 @@ constant-time byte comparison.
 - Best-effort is make to mitigate timing side-channels on reasonable
   architectures.  Architectures that are known to be unreasonable include
   but are not limited to i386, i486, and WebAssembly.
+- Implementations assume a 64-bit architecture (64-bit integer arithmetic
+  is fast, and includes add-with-carry, sub-with-borrow, and full-result
+  multiply).
+- Hardware sidechannels are explicitly out of scope for this package.
+  Notable examples include but are not limited to:
+  - Power/RF side-channels etc.
+  - Fault injection attacks etc.
+  - Hardware vulnerabilities ("apply mitigations or buy a new CPU").
 - The packages attempt to santize sensitive data, however this is, and
   will remain a "best-effort" implementation decision.  As Thomas Pornin
   puts it "In general, such memory cleansing is a fool's quest."