fix(tokens/token-extensions/nft-meta-data-pointer/anchor-example): flag unaudited session-keys crate near declare_id

This example depends on the third-party `session-keys` crate, which has not
been independently audited. Anyone reading the example landing on declare_id!
should be told that up front, so add an explicit warning comment right above
declare_id! explaining that this is for education only and pointing at what
to do before considering it for production.

Author: mikemaccana-edwardbot

tokens/token-extensions/nft-meta-data-pointer/anchor-example/anchor/programs/extension_nft/src/lib.rs

@@ -7,6 +7,13 @@ pub mod instructions;
 pub mod state;
 use instructions::*;
 
+// WARNING: This example depends on the `session-keys` crate, which has not
+// been independently audited. It is included here purely for educational
+// purposes - demonstrating how a game might let a player sign with a
+// short-lived session token instead of their main wallet. Do not ship this
+// crate (or this program) to mainnet in its current form: review the upstream
+// `session-keys` source, get an audit, and harden the session-token issuance
+// and expiry handling first.
 declare_id!("9aZZ7TJ2fQZxY8hMtWXywp5y6BgqC4N2BPcr9FDT47sW");
 
 #[program]