Document security of XBR in Autobahn

[oberstet]

AutobahnJS supports and uses cutting edge secure technology, for authentication, and (upcoming) for XBR (end-to-end data transaction level encryption).

ABJS supports WAMP-cryptosign, an authentication method based on Curve25519 elliptic curves and authentication algorithms (Ed25519) designed by djb:

• https://en.wikipedia.org/wiki/Curve25519
• http://safecurves.cr.yp.to/
• https://nacl.cr.yp.to/

Now, in ABJS we use this specific (pure JS) implementation of above stuff:

• https://github.com/dchest/tweetnacl-js
• https://tweetnacl.js.org/

This implementation (TweetNaCl) has recently be going through a security audit with no single security issue or problem found!

• https://tweetnacl.js.org/audits/cure53.pdf
• https://cure53.de/
• http://deletype.com/

[oberstet]

further, as XBR relies on the same underlying cryptography, we should document above here in ABJS