new batch mode docs, add doc/ to -build branch

src/vulns/CVE-2017-5753.sh

@@ -62,7 +62,7 @@ check_CVE_2017_5753_linux() {
         # Primary detection: grep for sysfs mitigation strings in the kernel binary.
         # The string "__user pointer sanitization" is present in all kernel versions
         # that have spectre_v1 sysfs support (x86 v4.16+, ARM64 v5.2+, ARM32 v5.17+),
-        # including RHEL "Load fences" variants. This is cheap and works offline.
+        # including RHEL "Load fences" variants. This is cheap and works in no-runtime mode.
         pr_info_nol "* Kernel has spectre_v1 mitigation (kernel image): "
         v1_kernel_mitigated=''
         v1_kernel_mitigated_err=''
@@ -98,7 +98,7 @@ check_CVE_2017_5753_linux() {
         # Fallback for v4.15-era kernels: binary pattern matching for array_index_mask_nospec().
         # The sysfs mitigation strings were not present in the kernel image until v4.16 (x86)
         # and v5.2 (ARM64), but the actual mitigation code landed in v4.15 (x86) and v4.16 (ARM64).
-        # For offline analysis of these old kernels, match the specific instruction patterns.
+        # For no-runtime analysis of these old kernels, match the specific instruction patterns.
         if [ -z "$v1_kernel_mitigated" ]; then
             pr_info_nol "* Kernel has array_index_mask_nospec (v4.15 binary pattern): "
             # vanilla: look for the Linus' mask aka array_index_mask_nospec()