Minor updates to migration guide

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

docs/3.0-migration-guide.md

@@ -11,8 +11,8 @@ two questions: (1) am I affected? (2) if yes, what's my migration path?
 
 The changes are detailed below, and include:
 
-- Removal of many insecure / obsolete features
+- Removal of many insecure or obsolete features
-- Tidying up of configuration options (including removing some less useful options)
+- Tidying up of configuration options (including removing some less useful options).
 - Changing function signatures (e.g., adding return codes or extra parameters); introducing const to arguments.
 - Removal of functions marked as deprecated in 2.x
 
@@ -258,7 +258,7 @@ This only affects people who've been using Mbed TLS since before version 2.0
 and still relied on `compat-1.3.h` in their code.
 
 Please use the new names directly in your code; `scripts/rename.pl` (from any
-of the 2.x releases - no longer included in 3.0) might help you do that.
+of the 2.x releases — no longer included in 3.0) might help you do that.
 
 Remove 3DES ciphersuites
 --
@@ -289,7 +289,7 @@ using the multi-part API.
 
 Previously, the documentation didn't state explicitly if it was OK to call
 `mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after
-the last call to `mbedtls_cipher_update()` - that is, without calling
+the last call to `mbedtls_cipher_update()` — that is, without calling
 `mbedtls_cipher_finish()` in-between. If you code was missing that call,
 please add it and be prepared to get as much as 15 bytes of output.
 
@@ -378,8 +378,8 @@ the previous key export API in the following ways:
   shutting down the TLS connection.
 
 For users which do not rely on raw keys and IV, adjusting to the new
-callback type should be straightforward - see the example programs
+callback type should be straightforward — see the example programs
-programs/ssl/ssl_client2 and programs/ssl/ssl_server2 for callbacks
+`programs/ssl/ssl_client2` and `programs/ssl/ssl_server2` for callbacks
 for NSSKeylog, EAP-TLS and DTLS-SRTP.
 
 Users which require access to the raw keys used to secure application
@@ -418,7 +418,7 @@ This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
 `mbedtls_pk_parse_keyfile()`.
 
 You now need to pass a properly seeded, cryptographically secure RNG when
-calling these functions. It is used for blinding, a counter-measure against
+calling these functions. It is used for blinding, a countermeasure against
 side-channel attacks.
 
 The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
@@ -427,8 +427,8 @@ The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
 This doesn't affect users of the default configuration; it only affects people
 who were explicitly setting this option.
 
-This was a trade-off between code size and counter-measures; it is no longer
+This was a trade-off between code size and countermeasures; it is no longer
-relevant as the counter-measure is now always on at no cost in code size.
+relevant as the countermeasure is now always on at no cost in code size.
 
 Remove MaximumFragmentLength (MFL) query API
 -----------------------------------------------------------------
@@ -944,7 +944,7 @@ Migration paths:
   should never be returned from Mbed TLS, and there is no need to check for it.
   
   Users should simply remove manual checks for those codes, and let the Mbed TLS
-  team know if -- contrary to the team's understanding -- there is in fact a situation
+  team know if — contrary to the team's understanding — there is in fact a situation
   where one of them was ever returned.
   
 - `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and