Sort certificates by ID

This is needed to avoid non-deterministic order of the certificates in case the underlying pkcs11 module does not guarantee that (such as softhsm). Without this change, the signing and encryption certificate might get mixed up and application might try to use wrong one for verification or decryption.