security note for deriving Deserialize on types with invariants

When deriving Deserialize, it should be ensured that invariants of the types cannot be violated by deserializing untrusted data. This is especially important if the invariants are trusted by `unsafe` code.
I checked but couldn't find such a note in the docs currently.