Include a section on transaction code brute-force attack protection in 1.0 errata

[javereec]

PR #686 adds an additional error code, but also adds a section on "transaction code guessing". The existing 1.0 text doesn't seem to include a warning on brute force attacks using transaction code and how to mitigate it. The WG thought it might be good to add this to errata as this is a valid attack vector that needs to be guarded against.

Note: this was discussed during WG call on 2026-02-05

[jogu]

Discussed again on today's PR: Makes sense to include this in errata.

Suggested that 1.0 change is incorporated into Oliver's PR, #686. May need slight difference as the new error code can't be used in 1.0.