cms builders: how can I surface signing errors?

[RickyDaMa]

I'm not sure how I'm supposed to access the underlying error when it gets dropped on line 415:

formats/cms/src/builder.rs

Lines 400 to 419 in cfacd3e

	/// Add a signer info. The signature will be calculated. Note that the encapsulated content
	/// must not be changed after the first signer info was added.
	pub fn add_signer_info<S, Signature>(
	&mut self,
	signer_info_builder: SignerInfoBuilder<'_>,
	signer: &S,
	) -> Result<&mut Self>
	where
	S: Keypair + DynSignatureAlgorithmIdentifier,
	S: Signer<Signature>,
	S::VerifyingKey: EncodePublicKey,
	Signature: SignatureBitStringEncoding,
	{
	let signer_info = signer_info_builder
	.build::<S, Signature>(signer)
	.map_err(|_| der::Error::from(ErrorKind::Failed))?;
	self.signer_infos.push(signer_info);
	Ok(self)
	}

For my use case, I'm signing remotely using Google KMS, and so there are numerous failure conditions (e.g. web request failed, couldn't deserialize response body, checksum didn't match), but any useful information I put into my errors in my Signer::try_sign impl get dropped by the map_err above

I understand the concerns about leaking secrets and hence the design of signature::Error - no issues there, but even if I'm wanting to provide useful secretless errors I can't because they get swallowed in internal library code

Thus I'd like to understand why the API was designed like this, and if potentially this could be changed in the future. Naturally this limitation can be worked around one way or another, but it's cumbersome to do so