Add advisory for manzana

crates/manzana/RUSTSEC-0000-0000.md

@@ -0,0 +1,34 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "manzana"
+date = "2026-04-07"
+url = "https://github.com/paiml/manzana/issues/3"
+references = ["https://github.com/paiml/manzana/blob/89e3183ac38088d418a2edeb9d3e0f35133b27a3/README.md", "https://github.com/paiml/manzana/blob/89e3183ac38088d418a2edeb9d3e0f35133b27a3/src/secure_enclave.rs#L312", "https://github.com/paiml/manzana/blob/89e3183ac38088d418a2edeb9d3e0f35133b27a3/src/secure_enclave.rs#L352"]
+categories = ["crypto-failure"]
+keywords = ["apple", "secure-enclave", "ecdsa", "signature-verification"]
+
+[affected]
+arch = ["aarch64"]
+os = ["macos"]
+
+[affected.functions]
+"manzana::secure_enclave::SecureEnclaveSigner::create" = ["<= 0.2.0, >= 0.1.0"]
+"manzana::secure_enclave::SecureEnclaveSigner::load" = ["<= 0.2.0, >= 0.1.0"]
+"manzana::secure_enclave::SecureEnclaveSigner::delete" = ["<= 0.2.0, >= 0.1.0"]
+"manzana::secure_enclave::SecureEnclaveSigner::sign" = ["<= 0.2.0, >= 0.1.0"]
+"manzana::secure_enclave::SecureEnclaveSigner::verify" = ["<= 0.2.0, >= 0.1.0"]
+
+[versions]
+patched = []
+```
+
+# Stubbed cryptography without warnings
+
+The `manzana` crate appears to be a work-in-progress module for the Apple Silicon chips' features, including the Secure Enclave.
+
+This crate's description and `README`s make no hint at the fact that the [`SecureEnclaveSigner`](https://docs.rs/manzana/0.2.0/manzana/secure_enclave/struct.SecureEnclaveSigner.html) type is a stubbed implementation that does not actually perform any cryptographic operations, and instead returns fixed values.
+
+Unsuspecting users of the crate, who may not check the source code, receive no warning about this and may believe they are using a secure implementation when they are not.
+
+There are currently (as of `2026-04-07`) no versions of the crate that contain either a real implementation, or a warning about the stubbed cryptography.