Wildcard certificates may be persisted under the wrong name #49

Open
null-dev opened this issue Dec 31, 2021 · 0 comments

I'm running into a case where if I pass a non-wildcard name into new_order as the primary name but include a wildcard name in the aliases, the cert is persisted under the wildcard name instead of the non-wildcard primary name. I suspect this is happening because:

Section 7.4 of the ACME spec states that:

Clients MUST NOT make any assumptions about the sort order of
"identifiers" or "authorizations" elements in the returned order
object.

This means that the primary_name that I pass into new_order might not actually be used to persist the cert here as the order of the domains could change:

let primary_name = self.order.api_order.domains()[0].to_string();

The spec is a bit confusing because it also says the following in Section 7.1.3:

The elements of the "authorizations" and "identifiers" arrays are
immutable once set. The server MUST NOT change the contents of
either array after they are created. If a client observes a change
in the contents of either array, then it SHOULD consider the order
invalid.

I believe they just mean that entries can't be added/deleted though and that the ordering of entries can still change.
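
An added example, not part of the original issue and not the project's own code: one way to choose the persistence key so that it does not depend on the position of identifiers in the returned order. The function names `norm` and `persist_name`, their parameters, and the sample domains are hypothetical; the returned identifiers are compared to the request as a set, and the caller's primary name is used as the key.

```rust
use std::collections::BTreeSet;

/// Hypothetical helper: DNS names are case-insensitive, so compare lowercase forms.
fn norm(s: &str) -> String {
    s.to_ascii_lowercase()
}

/// Hypothetical helper: pick the name a certificate is persisted under.
/// `requested_primary` and `requested_alts` are what the caller asked for;
/// `returned` is the identifier list from the server's order object, whose
/// ordering must not be relied upon (Section 7.4 of the ACME spec).
fn persist_name(
    requested_primary: &str,
    requested_alts: &[&str],
    returned: &[&str],
) -> Result<String, String> {
    let mut requested: BTreeSet<String> =
        requested_alts.iter().map(|s| norm(*s)).collect();
    requested.insert(norm(requested_primary));
    let got: BTreeSet<String> = returned.iter().map(|s| norm(*s)).collect();

    // Compare as sets: reordering is tolerated, added or missing names are not.
    if requested != got {
        return Err(format!(
            "order identifiers {:?} do not match request {:?}",
            got, requested
        ));
    }
    // Key on the caller's primary name, never on returned[0].
    Ok(norm(requested_primary))
}

fn main() {
    // Constructed sample: the server lists the wildcard first.
    let returned = ["*.example.com", "example.com"];
    println!("positional choice: {}", returned[0]);
    println!(
        "request-based choice: {:?}",
        persist_name("example.com", &["*.example.com"], &returned)
    );
}
```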
