WebAssembly / wasi-crypto

WASI Cryptography API Proposal

Add security considerations for the crypto API design #10

Closed jedisct1 closed 4 years ago

jedisct1 commented 4 years ago

Preliminary security design document for the crypto API.

programmerjake commented 4 years ago

Maybe there should be a way to construct insecure algorithms for cases where they are not used for cryptographic security. A good example is SHA1's use in the WebSockets protocol, where it is used to detect improperly behaving HTTP caches/proxies rather than for any security properties: https://tools.ietf.org/html/rfc6455#section-10.8

jedisct1 commented 4 years ago

Mmmm... this example doesn't require a preimage resistant hash function, but doesn't use a custom version of SHA1 either.

A better illustration would be a reduced-round version, but that is probably not the kind of tweak we want to support.