SA: Create list of authzIDs earlier in NewOrderAndAuthzs (#7744)

Creating the list of authzIDs earlier in NewOrderAndAuthzs:
- Saves a `for` loop with duplicated code; we no longer need to range
over two different slices, just one.
- Allows us to create the Order PB later, after more of the data
collection logic, without interrupting it. This makes the order of
operations slightly easier to follow.

sa/sa.go

@@ -549,17 +549,13 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 		}
 
 		// Third, insert all of the orderToAuthz relations.
+		// Have to combine the already-associated and newly-created authzs.
+		allAuthzIds := append(req.NewOrder.V2Authorizations, newAuthzIDs...)
 		inserter, err := db.NewMultiInserter("orderToAuthz2", []string{"orderID", "authzID"}, "")
 		if err != nil {
 			return nil, err
 		}
-		for _, id := range req.NewOrder.V2Authorizations {
-			err := inserter.Add([]interface{}{orderID, id})
-			if err != nil {
-				return nil, err
-			}
-		}
-		for _, id := range newAuthzIDs {
+		for _, id := range allAuthzIds {
 			err := inserter.Add([]interface{}{orderID, id})
 			if err != nil {
 				return nil, err
@@ -576,25 +572,6 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 			return nil, err
 		}
 
-		// Finally, build the overall Order PB.
-		res := &corepb.Order{
-			// ID and Created were auto-populated on the order model when it was inserted.
-			Id:      orderID,
-			Created: timestamppb.New(created),
-			// These are carried over from the original request unchanged.
-			RegistrationID: req.NewOrder.RegistrationID,
-			Expires:        req.NewOrder.Expires,
-			DnsNames:       req.NewOrder.DnsNames,
-			// Have to combine the already-associated and newly-reacted authzs.
-			V2Authorizations: append(req.NewOrder.V2Authorizations, newAuthzIDs...),
-			// A new order is never processing because it can't be finalized yet.
-			BeganProcessing: false,
-			// An empty string is allowed. When the RA retrieves the order and
-			// transmits it to the CA, the empty string will take the value of
-			// DefaultCertProfileName from the //issuance package.
-			CertificateProfileName: req.NewOrder.CertificateProfileName,
-		}
-
 		if req.NewOrder.ReplacesSerial != "" {
 			// Update the replacementOrders table to indicate that this order
 			// replaces the provided certificate serial.
@@ -605,12 +582,31 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 		}
 
 		// Get the partial Authorization objects for the order
-		authzValidityInfo, err := getAuthorizationStatuses(ctx, tx, res.V2Authorizations)
+		authzValidityInfo, err := getAuthorizationStatuses(ctx, tx, allAuthzIds)
 		// If there was an error getting the authorizations, return it immediately
 		if err != nil {
 			return nil, err
 		}
 
+		// Finally, build the overall Order PB.
+		res := &corepb.Order{
+			// ID and Created were auto-populated on the order model when it was inserted.
+			Id:      orderID,
+			Created: timestamppb.New(created),
+			// These are carried over from the original request unchanged.
+			RegistrationID: req.NewOrder.RegistrationID,
+			Expires:        req.NewOrder.Expires,
+			DnsNames:       req.NewOrder.DnsNames,
+			// This includes both reused and newly created authz IDs.
+			V2Authorizations: allAuthzIds,
+			// A new order is never processing because it can't be finalized yet.
+			BeganProcessing: false,
+			// An empty string is allowed. When the RA retrieves the order and
+			// transmits it to the CA, the empty string will take the value of
+			// DefaultCertProfileName from the //issuance package.
+			CertificateProfileName: req.NewOrder.CertificateProfileName,
+		}
+
 		// Calculate the order status before returning it. Since it may have reused
 		// all valid authorizations the order may be "born" in a ready status.
 		status, err := statusForOrder(res, authzValidityInfo, ssa.clk.Now())