Update some WebCrypto comments to better describe the threading reality.

components/webcrypto/blink_key_handle.cc

Index: components/webcrypto/blink_key_handle.cc
diff --git a/components/webcrypto/blink_key_handle.cc b/components/webcrypto/blink_key_handle.cc
index 012c7c0b7ba884fe50414058c2c73277eb6cd8ab..65825a43ae8bae369aff7ad7d0a12dd852206642 100644
--- a/components/webcrypto/blink_key_handle.cc
+++ b/components/webcrypto/blink_key_handle.cc
@@ -26,6 +26,9 @@ class AsymKey;
 // 'raw', 'pkcs8', or 'spki' format. This is to allow structured cloning of
 // keys to be done synchronously from the target Blink thread, without having to
 // lock access to the key throughout the code.
+//
+// TODO(eroman): Should be able to do the key export needed for structured
+//               clone synchronously.
 class Key : public blink::WebCryptoKeyHandle {
  public:
   explicit Key(const CryptoData& serialized_key_data)
@@ -63,12 +66,14 @@ class SymKey : public Key {
 
 class AsymKey : public Key {
  public:
+  // After construction the |pkey| should NOT be mutated.
   AsymKey(crypto::ScopedEVP_PKEY pkey,
           const std::vector<uint8_t>& serialized_key_data)
       : Key(CryptoData(serialized_key_data)), pkey_(std::move(pkey)) {}
 
   AsymKey* AsAsymKey() override { return this; }
 
+  // The caller should NOT mutate this EVP_PKEY.
   EVP_PKEY* pkey() { return pkey_.get(); }
 
  private: