Justify moving zeroize() to utils in ChangeLog

ChangeLog

@@ -26,6 +26,15 @@ API Changes
      if more data is pending to be processed in the internal message buffers.
      This function is necessary to determine when it is safe to idle on the
      underlying transport in case event-driven IO is used.
+   * Extend the platform module with a util component that contains
+     functionality shared by multiple Mbed TLS modules. At this stage
+     platform_util.h (and its associated platform_util.c) only contain
+     mbedtls_platform_zeroize(), which is a critical function from a security
+     point of view. mbedtls_platform_zeroize() needs to be regularly tested
+     against compilers to ensure that calls to it are not removed from the
+     output binary as part of redundant code elimination optimizations.
+     Therefore, mbedtls_platform_zeroize() is moved to the platform module to
+     facilitate testing and maintenance.
 
 Bugfix
    * Fix spurious uninitialized variable warning in cmac.c. Fix independently
@@ -286,11 +295,6 @@ New deprecations
      from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
      accepting DHM parameters in binary form, matching the new constants.
 
-API Changes
-   * Create a new header utils.h that contains functionality shared by multiple
-     mbed TLS modules. At this stage utils.h (and its associated utils.c) only
-     contain mbedtls_zeroize().
-
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.