“A minute ago I discovered that mds=full,nosmt had to be added to grub for those having mds vulnerability which could cause data leak. Also, nowhere documented as far as I know.”
Not needed.
mds=full is the default (check kernel.org doc), smt is globally disabled in Qubes OS (see /etc/default/grub). So already mitigated by default in Qubes.