document correct usage for library authors

[w4rum]

This addresses #11:

When using another smart-contract as dependency it also generates it's security.txt.
The compiler is helpful here and prevents two conflicting security.txt being present.

Dependencies have to omit emitting the security.txt. Solana contracts already use the no-entrypoint feature to avoid including entrypoints of dependent smart-contracts, this can easily be adapted here.

We have brainstormed a bit, but there doesn't seem to be a fool-proof solution for solving this automatically. So there isn't much we can do about that from the perspective from this crate. The decision to include or not include the macro always has to happen from the caller, and we cannot introspect if the parent is compiled with no-entrypoint.

This aspect is currently lacking from the documentation, working on a pull-request to fix this, and make it very clear that if you expect to be included as dependency and have an exposed no_entrypoint feature, you have to put the security.txt under that as well:

#[cfg(not(feature = "no-entrypoint"))]
security_txt! {
...
}

Unfortunately, this issue means contracts that currently do not do this cannot be used as a dependency until they are updated.

[tlambertz]

Let's add the conditional to the example in security-txt/src/lib.rs as well.

[w4rum]

Oops, done.