Minor documentation changes and fixes

usr/lib/sysctl.d/30_security-misc_kexec-disable.conf

@@ -1,15 +1,16 @@
 ## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
 ## See the file COPYING for copying conditions.
 
+## NOTE:
+## Why is this in a dedicated config file?
+## Package ram-wipe requires kexec. However, ram-wipe could not ship a config
+## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'.
+## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1'
+## it cannot be undone without reboot. This is a upstream Linux security feature.
+
 ## Disables kexec which can be used to replace the running kernel.
 ## Useful for live kernel patching without rebooting.
 ##
 ## https://en.wikipedia.org/wiki/Kexec
 ##
 kernel.kexec_load_disabled=1
-
-## Why is this in a dedicated config file?
-## Package ram-wipe requires kexec. However, ram-wipe could not ship a config
-## file /etc/sysctl.d/40_ram-wipe.conf which sets 'kernel.kexec_load_disabled=0'.
-## This is because once systemd-sysctl.service has set 'kernel.kexec_load_disabled=1'
-## it cannot be undone without reboot. This is a upstream Linux security feature.