updating docs to reflect security risks for SSLKEYLOGFILE

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)

INSTALL.md

@@ -1083,7 +1083,10 @@ See manual pages OSSL_trace_set_channel(3) and OSSL_trace_enabled(3) for details
 Build with support for the SSLKEYLOGFILE environment variable
 
 When enabled, setting SSLKEYLOGFILE to a file path records the keys exchanged
-during a TLS handshake for use in analysis tools like wireshark.
+during a TLS handshake for use in analysis tools like wireshark.  Note that the
+use of this mechanism allows for decryption of application payloads found in
+captured packets using keys from the key log file.  See Section 3 of 
+[the draft standard for SSLKEYLOGFILE](https://datatracker.ietf.org/doc/draft-thomson-tls-keylogfile/)
 
 ### no-ts