When defining an extension request in csr_attributes.yaml, like so:
Running `puppet ssl submit_request` results in the following error:
However, doing a puppet agent run to generate the CSR works fine.
Per josh, the SSL application may be registering the oids like the puppet agent code path does, and the call to `Puppet::SSL::Oids.register_puppet_oids` should be moved to the SSL provider, instead of each application having to do it. Also, Puppet's `certificate_extensions.rb` beaker test only runs `puppet agent` and should be expanded to include at least `puppet ssl`.