If you need to know everything about the security changes to an OS update, you shouldn't be the first one applying it. Wait a few days, maybe even a week, to let others work out the initial issues, and for Apple to update its docs.
If I had to guess what crsud is, it would be a daemon (the 'd' at the end) possibly involved in certificate revocation (the 'cr' at the start). But that's just a wild-ass guess, which is probably all anyone's going to have until Apple updates its security docs. Even then, Apple may not spell out exactly what daemons it's added.
After reading all of this thread, I went to the System Preferences and unchecked the "Automatically install important security updates" in the general pane of the Security panel. Then I checked this option again and Little Snitch immediately gave the "crsud wants to connect to swscan.apple.com" notification. I've tried this several times, so it is certain.
Of course this doesn't tell us what Apple is really up to...