Document extension caching of X509_check_purpose()

Document extension caching of X509_check_purpose()

The overwhelming majority of callers of X509_check_purpose() in our tree
pass a purpose of -1. In this case X509_check_purpose() acts as a wrapper
of x509v3_cache_extensions() which makes sanity checks like non-negativity
of ASN.1 integers or canonicity of RFC 3779 extensions as well as checking
uniqueness of extensions.

from schwarze who beat an initial diff of mine into shape