Fix gosec, govet, and errorlint linter errors

Co-authored-by: Junie <junie@jetbrains.com>

internal/acme/jws.go

@@ -27,18 +27,18 @@ type JWSHeader struct {
 	Alg   string          `json:"alg"`
 	Nonce string          `json:"nonce"`
 	URL   string          `json:"url"`
-	JWK   json.RawMessage `json:"jwk,omitempty"` // present for new-account / new-order with new key
-	KID   string          `json:"kid,omitempty"` // present for subsequent requests
+	KID   string          `json:"kid,omitempty"`
+	JWK   json.RawMessage `json:"jwk,omitempty"`
 }
 
 // ParsedJWS is the result of parsing a JWS request body.
 // Signature verification is NOT performed here; call VerifyJWS separately.
 type ParsedJWS struct {
-	Header        JWSHeader
-	Payload       []byte // decoded payload bytes; empty-string payload decodes to nil
-	SigningInput   []byte // protected + "." + payload (ASCII; used for signature verification)
-	RawSignature  []byte // decoded signature bytes
-	RawBody       JWSFlat
+	Header       JWSHeader
+	RawBody      JWSFlat
+	Payload      []byte
+	SigningInput []byte
+	RawSignature []byte
 }
 
 // ParseJWS decodes the flattened JWS from body without verifying the signature.
@@ -77,7 +77,7 @@ func ParseJWS(body []byte) (*ParsedJWS, error) {
 	return &ParsedJWS{
 		Header:       header,
 		Payload:      payload,
-		SigningInput:  signingInput,
+		SigningInput: signingInput,
 		RawSignature: sig,
 		RawBody:      flat,
 	}, nil