load Windows certificate store in set_default_verify_paths

[zanchey]

This PR updates set_default_verify_paths to fall back to the Windows certificate store if an explicit verification path is not set via environment variables.

I have used the standard library's ssl module for enumerating the store - if this is not acceptable please let me know.

There is a CI failure but it does not seem related to these changes (and occurs without them when I run the main branch workflows in my private fork).