Improve docs for pico_encrypt_binary

Add newlines for readability, and explain why MbedTLS version is insecure

Author: will-v-pi

tools/CMakeLists.txt

@@ -411,11 +411,15 @@ endfunction()
 # containing 16 bytes of a random IV), to give the IV used by the encryption.
 # This sets PICOTOOL_AESFILE to AESFILE, PICOTOOL_IVFILE to IVFILE, and
 # PICOTOOL_ENC_SIGFILE to SIGFILE if specified, else PICOTOOL_SIGFILE.
+#
 # Optionally, use EMBED to embed a decryption stage into the encrypted binary.
 # This sets PICOTOOL_EMBED_DECRYPTION to TRUE.
+#
 # Optionally, use MBEDTLS to to use the MbedTLS based decryption stage - this
-# is faster, but less secure.
+# is faster, but offers no security against power or timing sniffing attacks,
+# and takes up more code size.
 # This sets PICOTOOL_USE_MBEDTLS_DECRYPTION to TRUE.
+#
 # Optionally, use OTP_KEY_PAGE to specify the OTP page storing the AES key.
 # This sets PICOTOOL_OTP_KEY_PAGE to OTP_KEY_PAGE.
 function(pico_encrypt_binary TARGET AESFILE IVFILE)