Ughhhhh this is requiring a bunch of changes, because removing signature_algorithms_cert makes it default to signature_algorithms, so I need to expand it, so I can't assume it's a list of supported sigalgs, and I need to consider how it will break other legacy clients.