Create ChangeLog entry explaining #4044

The change made by PR #4044 was previously advertised in the
2.16.10 ChangeLog, however #4044 had not yet been merged.
Create a new entry for #4044, with a note that the previous
entry was in error.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/ChangeLog.d/issue4870.txt b/ChangeLog.d/issue4870.txt
new file mode 100644
index 0000000..213a824
--- /dev/null
+++ b/ChangeLog.d/issue4870.txt
@@ -0,0 +1,10 @@
+Bugfix
+   * Mark basic constraints critical as appropriate. Note that the previous
+     entry for this fix in the 2.16.10 changelog was in error, and it was not
+     included in the 2.16.10 release as was stated.
+     Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC
+     5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in
+     all CA certificates that contain public keys used to validate digital
+     signatures on certificates and MUST mark the extension as critical in
+     such certificates." Previous to this change, the extension was always
+     marked as non-critical. This was fixed by #4044.