Reorder sq pki certify's options.

- Reorder `sq pki certify`'s arguments so that they appear in a more
    logical order when reading `--help` (required arguments first,
    then grouped and approximately ordered by how often they are
    likely to be used).

src/cli/pki/certify.rs

@@ -91,110 +91,6 @@ reference time.
 )]
 #[clap(group(ArgGroup::new("certifier_input").args(&["certifier_file", "certifier"]).required(true)))]
 pub struct Command {
-    #[clap(
-        help = FileOrStdout::HELP_OPTIONAL,
-        long,
-        value_name = FileOrStdout::VALUE_NAME,
-    )]
-    pub output: Option<FileOrStdout>,
-    #[clap(
-        long,
-        help = "Emit binary data",
-    )]
-    pub binary: bool,
-    #[clap(
-        long = "depth",
-        value_name = "TRUST_DEPTH",
-        default_value = "0",
-        help = "Set the trust depth",
-        long_help =
-            "Set the trust depth (sometimes referred to as the trust level).  \
-            0 means a normal certification of <CERTIFICATE, USERID>.  \
-            1 means CERTIFICATE is also a trusted introducer, 2 means \
-            CERTIFICATE is a meta-trusted introducer, etc.",
-    )]
-    pub depth: u8,
-    #[clap(
-        long = "amount",
-        value_name = "AMOUNT",
-        default_value = "full",
-        help = "Set the amount of trust",
-        long_help =
-            "Set the amount of trust.  Values between 1 and 120 are meaningful. \
-            120 means fully trusted.  Values less than 120 indicate the degree \
-            of trust.  60 is usually used for partially trusted.",
-    )]
-    pub amount: TrustAmount<u8>,
-    #[clap(
-        long = "regex",
-        value_name = "REGEX",
-        requires = "depth",
-        help = "Add a regular expression to constrain \
-            what a trusted introducer can certify",
-        long_help =
-            "Add a regular expression to constrain \
-            what a trusted introducer can certify.  \
-            The regular expression must match \
-            the certified User ID in all intermediate \
-            introducers, and the certified certificate. \
-            Multiple regular expressions may be \
-            specified.  In that case, at least \
-            one must match.",
-    )]
-    pub regex: Vec<String>,
-    #[clap(
-        long = "local",
-        help = "Make the certification a local certification",
-        long_help =
-            "Make the certification a local \
-            certification.  Normally, local \
-            certifications are not exported.",
-    )]
-    pub local: bool,
-    #[clap(
-        long = "non-revocable",
-        help = "Mark the certification as being non-revocable",
-        long_help =
-            "Mark the certification as being non-revocable. \
-            That is, you cannot later revoke this \
-            certification.  This should normally only \
-            be used with an expiration.",
-    )]
-    pub non_revocable: bool,
-    #[clap(
-        long,
-        value_names = &["NAME", "VALUE"],
-        number_of_values = 2,
-        help = "Add a notation to the certification.",
-        long_help = "Add a notation to the certification.  \
-            A user-defined notation's name must be of the form \
-            `name@a.domain.you.control.org`. If the notation's name starts \
-            with a !, then the notation is marked as being critical.  If a \
-            consumer of a signature doesn't understand a critical notation, \
-            then it will ignore the signature.  The notation is marked as \
-            being human readable."
-    )]
-    pub notation: Vec<String>,
-    #[clap(
-        long = "expiration",
-        value_name = "EXPIRATION",
-        default_value_t =
-            Expiration::Duration(THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION),
-        help =
-            "Define EXPIRATION for the certification as ISO 8601 formatted string or \
-            custom duration.",
-        long_help =
-            "Define EXPIRATION for the certification as ISO 8601 formatted string or \
-            custom duration. \
-            If an ISO 8601 formatted string is provided, the validity period \
-            reaches from the reference time (may be set using `--time`) to \
-            the provided time. \
-            Custom durations starting from the reference time may be set using \
-            `N[ymwds]`, for N years, months, weeks, days, or seconds. \
-            The special keyword `never` sets an unlimited expiry.",
-    )]
-    pub expiration: Expiration,
-
     #[clap(
         long,
         value_name = "KEY",
@@ -222,4 +118,114 @@ pub struct Command {
             "Add the given user ID if it doesn't exist in the certificate.",
     )]
     pub add_userid: bool,
+
+    #[clap(
+        long = "amount",
+        value_name = "AMOUNT",
+        default_value = "full",
+        help = "Set the amount of trust",
+        long_help =
+            "Set the amount of trust.  Values between 1 and 120 are meaningful. \
+            120 means fully trusted.  Values less than 120 indicate the degree \
+            of trust.  60 is usually used for partially trusted.",
+    )]
+    pub amount: TrustAmount<u8>,
+
+    #[clap(
+        long = "depth",
+        value_name = "TRUST_DEPTH",
+        default_value = "0",
+        help = "Set the trust depth",
+        long_help =
+            "Set the trust depth (sometimes referred to as the trust level).  \
+            0 means a normal certification of <CERTIFICATE, USERID>.  \
+            1 means CERTIFICATE is also a trusted introducer, 2 means \
+            CERTIFICATE is a meta-trusted introducer, etc.",
+    )]
+    pub depth: u8,
+
+    #[clap(
+        long = "regex",
+        value_name = "REGEX",
+        requires = "depth",
+        help = "Add a regular expression to constrain \
+            what a trusted introducer can certify",
+        long_help =
+            "Add a regular expression to constrain \
+            what a trusted introducer can certify.  \
+            The regular expression must match \
+            the certified User ID in all intermediate \
+            introducers, and the certified certificate. \
+            Multiple regular expressions may be \
+            specified.  In that case, at least \
+            one must match.",
+    )]
+    pub regex: Vec<String>,
+
+    #[clap(
+        long = "expiration",
+        value_name = "EXPIRATION",
+        default_value_t =
+            Expiration::Duration(THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION),
+        help =
+            "Define EXPIRATION for the certification as ISO 8601 formatted string or \
+            custom duration.",
+        long_help =
+            "Define EXPIRATION for the certification as ISO 8601 formatted string or \
+            custom duration. \
+            If an ISO 8601 formatted string is provided, the validity period \
+            reaches from the reference time (may be set using `--time`) to \
+            the provided time. \
+            Custom durations starting from the reference time may be set using \
+            `N[ymwds]`, for N years, months, weeks, days, or seconds. \
+            The special keyword `never` sets an unlimited expiry.",
+    )]
+    pub expiration: Expiration,
+
+    #[clap(
+        long = "local",
+        help = "Make the certification a local certification",
+        long_help =
+            "Make the certification a local \
+            certification.  Normally, local \
+            certifications are not exported.",
+    )]
+    pub local: bool,
+    #[clap(
+        long = "non-revocable",
+        help = "Mark the certification as being non-revocable",
+        long_help =
+            "Mark the certification as being non-revocable. \
+            That is, you cannot later revoke this \
+            certification.  This should normally only \
+            be used with an expiration.",
+    )]
+    pub non_revocable: bool,
+
+    #[clap(
+        long,
+        value_names = &["NAME", "VALUE"],
+        number_of_values = 2,
+        help = "Add a notation to the certification.",
+        long_help = "Add a notation to the certification.  \
+            A user-defined notation's name must be of the form \
+            `name@a.domain.you.control.org`. If the notation's name starts \
+            with a !, then the notation is marked as being critical.  If a \
+            consumer of a signature doesn't understand a critical notation, \
+            then it will ignore the signature.  The notation is marked as \
+            being human readable."
+    )]
+    pub notation: Vec<String>,
+
+    #[clap(
+        help = FileOrStdout::HELP_OPTIONAL,
+        long,
+        value_name = FileOrStdout::VALUE_NAME,
+    )]
+    pub output: Option<FileOrStdout>,
+    #[clap(
+        long,
+        help = "Emit binary data",
+    )]
+    pub binary: bool,
 }