Security page in the docs should mention that rustup assumes trusted file system

Today, it's possible to make rustup execute arbitrary code by crafting a `rust-toolchain.toml` file:

https://github.com/jonas-schievink/mallory/blob/master/rust-toolchain

This probably should be mentioned on the security page: https://rust-lang.github.io/rustup/security.html