Add SIGHUP credential reload feature entry to CHANGELOG

CHANGELOG.md

@@ -1,5 +1,21 @@
 # CHANGELOG
 
+- [Feature] SIGHUP credential reload support
+    - Credentials from `credentials.toml` can now be reloaded without restarting the endpoint
+    - Send SIGHUP signal to the process or use `systemctl reload trusttunnel` to reload both TLS hosts and credentials
+    - New credentials are applied atomically; existing connections continue with old credentials
+    - Per-client connection limits are also updated during reload
+    - Empty credentials are rejected on non-loopback addresses (validation preserved)
+    - Added `ExecReload` directive to systemd service template
+
+  API changes in the library:
+    - Added `credentials_file_path` field to `settings::Settings` to track credentials file location
+    - Added `populate_credentials_file_path()` and `get_credentials_file_path()` methods to `settings::Settings`
+    - Added `load_clients_from_file()` public function in `settings` module for standalone credential loading
+    - Added `reload_credentials()` method to `core::Core` for runtime credential updates
+    - Changed `authenticator` field in `core::Context` from `Option<Arc<dyn Authenticator>>` to `Arc<RwLock<Option<Arc<dyn Authenticator>>>>`
+    - Changed `connection_limiter` field in `core::Context` from `Option<Arc<ConnectionLimiter>>` to `Arc<RwLock<Option<Arc<ConnectionLimiter>>>>`
+
 ## 1.0.16
 
 - [Fix] HTTP/1.1 codec busy loop when receiving partial request headers.