protocol: BER2DER does not handle empty indefinite length objects

[oncilla]

For indefinite length objects, we check for the terminator here: https://github.com/github/smimesign/blob/3564e86011859c28b315328027abebb954b6bf6f/ietf-cms/protocol/ber.go#L217

However, this does not consider that a SEQUENCE or SET can be potentially empty with indefinite length. Instead, I think the proper thing is to first check for the termination sequence and only then read the object. I.e., move the if condition above this line: https://github.com/github/smimesign/blob/3564e86011859c28b315328027abebb954b6bf6f/ietf-cms/protocol/ber.go#L209