MDL-61949 privacy: Add mention of the new API in upgrade.txt files

The notice is explicitly repeated for activity modules because they
usually process user data heavily.

lib/upgrade.txt

@@ -3,6 +3,10 @@ information provided here is intended especially for developers.
 
 === 3.5 ===
 
+* There is a new privacy API that every subsystem and plugin has to implement so that the site can become GDPR
+  compliant. Plugins use this API to report what information they store or process regarding users, and provide ability
+  to export and delete personal data. See https://docs.moodle.org/dev/Privacy_API for guidelines on how to implement the
+  privacy API in your plugin.
 * The cron runner now sets up a fresh PAGE and OUTPUT between each task.
 * The core_renderer methods notify_problem(), notify_success(), notify_message() and notify_redirect() that were
   deprecated in Moodle 3.1 have been removed. Use \core\notification::add(), or \core\output\notification as required.

mod/upgrade.txt

@@ -3,6 +3,10 @@ information provided here is intended especially for developers.
 
 === 3.5 ===
 
+* There is a new privacy API that every subsystem and plugin has to implement so that the site can become GDPR
+  compliant. Activity modules use this API to report what information they store or process regarding users, and provide
+  ability to export and delete personal data. See https://docs.moodle.org/dev/Privacy_API for guidelines on how to
+  implement the privacy API in your activity module.
 * Backup directory now can be outside of temp directory. Use make_backup_temp_directory($name) instead of
   make_temp_directory('/backup/'.$name)
 * Modules that provide their own interactive content and call cm_info::set_content() from [MODULENAME]_cm_info_view()