docs/release-notes: add tls changes

docs/release-notes.rst

@@ -22,6 +22,15 @@ NixOS 26.05
   established by `agenix`_/`sops-nix`_ that instead rely on encryption. This
   option prevents files from leaking in to the Nix store.
   See :option:`mailserver.accounts.<name>.passwordFile`.
+- TLS configurations have been updated:
+
+  - TLSv1.2 cipher suites in Postfix now require `AEAD`_ and `ECDHE`_.
+  - Postfix and Dovecot allow for the ``SecP256r1MLKEM768``
+    key exchange, as specified in the ongoing
+    `standardization effort <https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/>`__.
+  - Postfix no longer supports uncommon, deprecated, and obsolete TLS signature
+    algorithms.
+
 - LDAP setups require a migration of Dovecot home directories to
   `UUID based home directories`_. The exact UUID attribute can be customized
   through :option:`mailserver.ldap.attributes.uuid`.
@@ -45,6 +54,8 @@ NixOS 26.05
 .. _DKIM key management: dkim.html
 .. _agenix: https://github.com/ryantm/agenix
 .. _sops-nix: https://github.com/Mic92/sops-nix
+.. _AEAD: https://en.wikipedia.org/wiki/Authenticated_encryption
+.. _ECDHE: https://www.rfc-editor.org/rfc/rfc8422
 .. _UUID based home directories: migrations.html#dovecot-ldap-uuid-based-home-directories
 
 NixOS 25.11