Clarify mbedtls_pk_can_do_ext() return documentation amd add warning on future addition of allowed algs & usage flags

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 6c4ca38..207aed0 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -428,12 +428,16 @@
  *                  PSA_KEY_USAGE_DERIVE.
  *                  Context key must match all passed usage flags.
  *
+ * \warning         Since the set of allowed algorithms and usage flags may be
+ *                  expanded in the future, the return value \c 0 should not
+ *                  be taken in account for non-allowed algorithms and usage
+ *                  flags.
+ *
  * \return          1 if the context can do operations on the given type.
  * \return          0 if the context cannot do the operations on the given
- *                  type, or for non-allowed algorithms and usage flags.
- *                  This is always the case for a context that has
- *                  been initialized but not set up, or that has been
- *                  cleared with mbedtls_pk_free().
+ *                  type, for non-allowed algorithms and usage flags, or
+ *                  for a context that has been initialized but not set up
+ *                  or that has been cleared with mbedtls_pk_free().
  */
 int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg,
                            psa_key_usage_t usage );