crypto: EFAIL: clarify that we handle broken encrypted messages properly
If a message that is encrypted fails the decryption for some reason, gpg
might still provide us with its plaintext. That can happen when the MDC
(Modification Detection Code) indicates that it's been tampered with,
for example. As per upstream's recommendations, we've been always
ignoring the cleartext in that case.
Let's clarify that this is on purpose as a part of a defense-in-depth
approach. Our HTML renderer still would not request external entities
and therefore it won't leak the cleartext to the adversary.
Change-Id: Ic5b175a7d230ccdb99d74902782a01aa09339c14