SECURITY.md: make x509 data section more readable

Signed-off-by: Janos Follath <janos.follath@arm.com>

SECURITY.md

@@ -145,15 +145,18 @@ Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).)
 The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED`
 configuration option is defined. This option is off by default.
 
-#### Formatting of X.509 certificates and certificate signing requests
+#### Formatting of X509 data
 
-When parsing X.509 certificates, certificate signing requests (CSRs) or
+This section discusses limitations in how X.509 objects are processed. This
-certificate revocation lists (CRLs) Mbed TLS does not check that they are
+applies to certificates, certificate signing requests (CSRs) and certificate
-strictly compliant with X.509 and other relevant standards. In the case of
+revocation lists (CRLs).
-signed certificates and signed CRLs, the signing party is assumed to have
+
-performed this validation (and the certificate or CRL is trusted to be correctly
+Mbed TLS does not check that they are strictly compliant with X.509 and other
-formatted as long as the signature is correct).  Similarly, CSRs are implicitly
+relevant standards. In the case of signed certificates and signed CRLs, the
-trusted by Mbed TLS to be standards-compliant.
+signing party is assumed to have performed this validation (and the certificate
+or CRL is trusted to be correctly formatted as long as the signature is
+correct).  Similarly, CSRs are implicitly trusted by Mbed TLS to be
+standards-compliant.
 
 **Warning!** Mbed TLS must not be used to sign untrusted CSRs or CRLs unless
 extra validation is performed separately to ensure that they are compliant to