send-shard failed signing with "no hash algorithms were valid on certificate ...", rpgpie required certs to declare a Preferred Hash Algorithms subpacket, which keyfork-generated certs don't have → NoHashAlgo.
Fix: select_signing_hash() picks the cert's preferred accepted hash, else defaults to SHA-512 (applied to smartcard + TSK paths; drops unused NoHashAlgo).
Tests: 3 unit tests + verified end-to-end (shard accepted). Includes rustfmt-only changes to locksmithd.rs.
send-shard failed signing with "no hash algorithms were valid on certificate ...", rpgpie required certs to declare a Preferred Hash Algorithms subpacket, which keyfork-generated certs don't have → NoHashAlgo.
Fix: select_signing_hash() picks the cert's preferred accepted hash, else defaults to SHA-512 (applied to smartcard + TSK paths; drops unused NoHashAlgo).
Tests: 3 unit tests + verified end-to-end (shard accepted). Includes rustfmt-only changes to locksmithd.rs.