Signed attributes aren't in the correct order.

[algogrit]

Added a test case to illustrate and fix the issue.

=== Demonstrating Attribute Order Bug ===
Total signed attributes: 3

Actual order of attributes:
 Position 0: content-type (OID: 1.2.840.113549.1.9.3)
 Position 1: signing-time (OID: 1.2.840.113549.1.9.5)
 Position 2: message-digest (OID: 1.2.840.113549.1.9.4)

=== RFC 5652 Requirements ===
According to RFC 5652 Section 5.3:
- Signed attributes MUST be DER encoded
- DER encoding requires SET OF to be sorted by tag (OID)
- OID comparison is lexicographic on encoded bytes

Expected order by OID:
 1. content-type     (1.2.840.113549.1.9.3)
 2. message-digest   (1.2.840.113549.1.9.4)
 3. signing-time     (1.2.840.113549.1.9.5)

=== Bug Detected ===
❌ message-digest is at position 2
❌ signing-time is at position 1
❌ This violates DER encoding rules!

The attributes should be sorted by OID, but currently:
 signing-time (OID .9.5) comes BEFORE message-digest (OID .9.4)

BUG CONFIRMED: Attributes are not in DER order!
message-digest should be at position 1 but is at position 2
signing-time should be at position 2 but is at position 1

[indygreg]

The deletion of the sort_by line seems fundamentally wrong.

Did you use an AI/LLM tool to generate this PR? The PR summary and added test feel like LLM output to me.

[indygreg]

Why was the sort removed? The sort was added by #614 to fix the prior sorting behavior being buggy.

[algogrit]

The previous PR didn't come with tests and didn't prove the fix it claimed to have provided.

[indygreg]

This test is very verbose. I think it can be minimized.

[algogrit]

If there is something concrete here, I would be happy to remove. This test was initially generated using LLM, then adjusted to reflect the intention of clearly explaining the issue.

[algogrit]

It's not vibe coded if that's what you are getting at. The test has been generated via LLM, but figuring out the cause for the attributes to become unordered has been an human effort.