Add trusted content notes to QOpenGLShader(Program)

Pick-to: 6.8
Change-Id: I089044e6834ebbb992b36c898eb956959f430522
Reviewed-by: Andy Nichols <andy.nichols@qt.io>
(cherry picked from commit f9a625eb8c774643a8e8a5ff9548634e34bf4fe0)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

src/opengl/qopenglshaderprogram.cpp

@@ -110,6 +110,17 @@ using namespace Qt::StringLiterals;
     they advertise the extension or offer OpenGL ES 3.0. In this case program
     binary support will be disabled.
 
+    \section1 Security Considerations
+
+    All data consumed by QOpenGLShaderProgram is expected to be trusted content.
+    Shader source code is passed, possibly after minimal modifications, on to
+    the underlying OpenGL implementation's compiler, which is a black box from
+    Qt's perspective.
+
+    \warning Application developers are advised to carefully consider the
+    potential implications before passing in user-provided content to functions
+    such as addShaderFromSourceFile().
+
     \sa QOpenGLShader
 */
 
@@ -126,6 +137,15 @@ using namespace Qt::StringLiterals;
     QOpenGLShader and QOpenGLShaderProgram shelter the programmer from the details of
     compiling and linking vertex and fragment shaders.
 
+    All data consumed by QOpenGLShader is expected to be trusted content. Shader
+    source code is passed, possibly after minimal modifications, on to the
+    underlying OpenGL implementation's compiler, which is a black box from Qt's
+    perspective.
+
+    \warning Application developers are advised to carefully consider the
+    potential implications before passing in user-provided content to functions
+    such as compileSourceFile().
+
     \sa QOpenGLShaderProgram
 */