
ncdumpzone: Add support for Windows EMET Certificate Trust XML output

Open: JeremyRand opened this issue 7 years ago • 1 comment

It would be useful to add Windows EMET Certificate Trust XML as an output format for ncdumpzone. This would give us negative overrides on Windows for any CryptoAPI application that is supported by EMET.

JeremyRand, May 11 '18 22:05

From my notes:

  • Issue with non-Admin users running EMET for cert pinning in v5.2: https://social.technet.microsoft.com/Forums/security/en-US/500fa341-fcdc-48bf-8715-c9558df2ae56/certificate-pinning-alterting-and-blocking-issues-wlatest-52-release?forum=emet
  • Docs on cert pinning in v4.0: https://blogs.technet.microsoft.com/srd/2013/05/08/emet-4-0s-certificate-trust-feature/
  • Docs on the Application Compatibility Toolkit, which EMET uses for creating shims: https://blogs.technet.microsoft.com/askperf/2011/06/17/demystifying-shims-or-using-the-app-compat-toolkit-to-make-your-old-stuff-work-with-your-new-stuff/
  • EMET 5.5 User Guide: https://www.microsoft.com/en-us/download/details.aspx?id=50802
  • Compatibility issues with Chrome and/or Edge:
    • https://www.chromium.org/Home/chromium-security/security-faq#TOC-Can-I-use-EMET-to-help-protect-Chrome-against-attack-on-Microsoft-Windows-
    • https://www.chromium.org/Home/chromium-security/chromium-and-emet
    • https://social.technet.microsoft.com/Forums/security/en-US/5e025455-dac5-4bad-a574-f532187ca687/emet-52-certificate-pinning-does-not-work-in-windows-10?forum=emet
  • Article: https://randomoracle.wordpress.com/2013/04/25/certificate-pinning-in-internet-explorer-with-emet/ .
    • Says there are no exemptions for locally installed root CAs.
  • Article: https://randomoracle.wordpress.com/2013/05/13/certificate-pinning-translating-chrome-settings-into-emet/ .
    • Says cert pins are in HKLM\Software\Microsoft\EMET_settings_\Pinning .

JeremyRand, May 11 '18 22:05