Currently, Mutt hardcodes micalg=sha1 for signed messages.
Unfortunately, the actual message digest algorithm used defaults to
the value in the "Signature Algorithm" field in the signing key's
certificate.

Add a new configuration option $smime_sign_digest_alg, defaulting
to sha256.  Add a new printf format string, %d, to be used in the
signing command to specify the digest algorithm.  Modify the sample
$smime_sign_command to include "-md %d".

Note: This solution requires using the modified $smime_sign_command,
or else the micalg parameter again may not match the algorithm used.
An alternative solution would be to query the certificate "Signature
Algorithm" field and try to change the micalg to match it, but this
method is easier to implement and provides better control for the user
to configure, in any case.