rustls / rcgen

Generate X.509 certificates

Should key usages be tracked as a `HashSet` instead?

djc opened this issue

In #264 code is pretty ugly because we're keeping track of whether an EKU already exists in the `Vec` that we hold. Should `CertificateParams::key_usages` and `extended_key_usages` be `HashSet` instead?

  • Does the order matter?
  • Is there a valid use case for having the same usage twice?

(I guess it could even be more like a bitset similar to what x509-parser apparently does.)

> Does the order matter

Personally, I'd like to keep rcgen as deterministic as possible, so IMO it would be good to have a consistent order.

edit: with that I mean to not introduce nondeterminism where there hasn't been such before.

We could order the key usages when we're writing out DER -- that would still generate a potentially different order than was retrieved from a parsed certificate but would at least be consistent/deterministic?
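Added example, not part of the thread and not rcgen's code: a sketch of the two options discussed above, a bitset for KeyUsage (a BIT STRING in RFC 5280, so order and duplicates cannot reach the encoding) and sort-plus-dedupe at write time for extended key usages (a SEQUENCE OF OIDs, where order is encoded). The `Usage` enum and both function names are hypothetical.

```rust
use std::collections::BTreeSet;

// Hypothetical enum; each discriminant is the named-bit position from RFC 5280, section 4.2.1.3.
#[allow(dead_code)]
#[derive(Clone, Copy)]
enum Usage {
    DigitalSignature = 0,
    ContentCommitment = 1,
    KeyEncipherment = 2,
    DataEncipherment = 3,
    KeyAgreement = 4,
    KeyCertSign = 5,
    CrlSign = 6,
    EncipherOnly = 7,
    DecipherOnly = 8,
}

/// Content octets of the KeyUsage BIT STRING: unused-bit count, then the bits.
fn key_usage_bits(usages: &[Usage]) -> Vec<u8> {
    // OR-ing into a bitset makes duplicates and insertion order irrelevant.
    let bits = usages.iter().fold(0u16, |acc, u| acc | (0x8000 >> (*u as u16)));
    let [hi, lo] = bits.to_be_bytes();
    // DER drops trailing zero bits (and all-zero trailing octets) of a named-bit list.
    match (hi, lo) {
        (0, 0) => vec![0],
        (_, 0) => vec![hi.trailing_zeros() as u8, hi],
        _ => vec![lo.trailing_zeros() as u8, hi, lo],
    }
}

// EKU OIDs as arc slices: id-kp-serverAuth and id-kp-clientAuth.
const SERVER_AUTH: &[u64] = &[1, 3, 6, 1, 5, 5, 7, 3, 1];
const CLIENT_AUTH: &[u64] = &[1, 3, 6, 1, 5, 5, 7, 3, 2];

/// Deduplicate and sort EKU OIDs just before the SEQUENCE is written.
/// BTreeSet, unlike HashSet, iterates in a fixed (here lexicographic) order.
fn ordered_ekus<'a>(ekus: &[&'a [u64]]) -> Vec<&'a [u64]> {
    ekus.iter().copied().collect::<BTreeSet<_>>().into_iter().collect()
}

fn main() {
    use Usage::*;
    println!("{:02x?}", key_usage_bits(&[CrlSign, DigitalSignature, KeyCertSign, CrlSign]));
    println!("{:?}", ordered_ekus(&[CLIENT_AUTH, SERVER_AUTH, CLIENT_AUTH]));
}
```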