crypto/x509: re-allow duplicate attributes in CSRs [1.19 backport]

[FiloSottile]

https://go.dev/cl/428636 fixed a regression in Go 1.19, where the fix for #50988 (https://go.dev/cl/383215) was overbroad and disallowed some valid certificates. This is a regression without a workaround, so it should have been backported, but wasn't probably because the regression was fixed without opening an issue.

/cc @rolandshoemaker @robstradling @golang/security

[gopherbot]

Change https://go.dev/cl/460236 mentions this issue: crypto/x509: Reallow duplicate attributes in CSRs

[robstradling]

Thanks @FiloSottile!

...because the regression was fixed without opening an issue.

Did I miss a step? I assumed my backport request in #54936 (comment) had been declined.

[FiloSottile]

Ah, I missed #54936, sorry! The full process would have involved linking that issue from the CL, and asking gopherbot to open a backport issue (see https://go.dev/wiki/MinorReleases). I think the backport request just went unnoticed in the issue description. (To be clear, this is FYI, not saying you were expected to know any of this :))

[gopherbot]

Closed by merging e04be8b to release-branch.go1.19.