mention sandboxing

README.md

@@ -22,6 +22,7 @@ Key Features
 * Private keys isolated in separate process (RSA and ECDSA)
 * Default sane TLS ciphersuites (PFS in all major browsers)
 * Modules can be reloaded on-the-fly, even while serving content
+* Worker processes sandboxed on OpenBSD (pledge) and Linux (seccomp)
 * Event driven (epoll/kqueue) architecture with per CPU worker processes
 * Build your web application as a precompiled dynamic library or single binary