
(#11276) Load default root certs on Windows
cd7d52a7b024 (Unpublished)

Description

(#11276) Load default root certs on Windows

On Windows, calling OpenSSL::X509::Store#set_default_paths does nothing. As
a result, puppet is unable to make authenticated SSL connections to
well-known SSL servers, like forge.puppetlabs.com.

This commit adds a RootCerts class that loads the root certs from the
Windows system cert store, and monkey patches the
OpenSSL::X509::Store#set_default_paths to behave as expected on Windows.

Note the actual semantics for set_default_paths are slightly different,
in that on *nix, it sets the paths that openssl will look for trusted root
certs, whereas this patch loads them into the X509::Store object on
Windows. But the net effect is the same: we're specifying the set of root
certs that we trust when authenticating SSL servers.

This commit monkey patches openssl, because there isn't a central way to
create SSL contexts in ruby. Specifically, open-uri hides the process of
setting up the SSL context, so the caller doesn't have to "worry" about
it. In doing so, it calls set_default_paths expecting that is all that is
needed. But it makes it next to impossible for the caller to add other
root certs.

Specifically, the module tool uses open-uri to download tar.gz content,
but that said the issue is not specific to the module tool.

This commit also adds an SSL acceptance test.
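
The effect the commit message describes, trusted roots loaded directly into the `X509::Store` when `set_default_paths` is called, shown as an added Ruby example that is not the commit's code. `RootLoadingStore`, `system_roots`, `loaded` and all certificates are constructed for illustration; a subclass stands in for the global monkey patch, and the roots are passed in rather than read from the Windows cert store.

```ruby
require 'openssl'

# Builds a constructed test certificate (self-signed root when issuer is nil).
def make_cert(cn, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Hypothetical subclass: set_default_paths also loads roots into the store itself.
class RootLoadingStore < OpenSSL::X509::Store
  attr_accessor :system_roots # assumption: filled from the OS cert store
  attr_reader :loaded         # number of roots actually added

  def set_default_paths
    @loaded = (system_roots || []).uniq(&:to_der).count do |cert|
      begin
        add_cert(cert)
        true
      rescue OpenSSL::X509::StoreError
        false # store rejected the cert (e.g. already present): skip, keep going
      end
    end
    super # keep the original behaviour (default CA file/dir lookup)
  end
end

def demo
  root_key, leaf_key, rogue_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = make_cert('Constructed Root', root_key)
  leaf  = make_cert('server.example', leaf_key, root, root_key)
  rogue = make_cert('Untrusted Root', rogue_key)
  other = make_cert('other.example', leaf_key, rogue, rogue_key)
  empty = OpenSSL::X509::Store.new      # no roots loaded: nothing verifies
  store = RootLoadingStore.new
  store.system_roots = [root, root]     # duplicate entry on purpose
  store.set_default_paths
  { empty: empty.verify(leaf), loaded: store.loaded,
    trusted: store.verify(leaf), untrusted: store.verify(other) }
end
p demo if $PROGRAM_NAME == __FILE__
```

The store with no roots rejects the server certificate, while the store that loaded the root accepts it and still rejects a certificate issued by a root that was never loaded.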

Details

Provenance
Josh Cooper <josh@puppetlabs.com> Authored on
vanmeeuwen Pushed on Jun 2 2015, 2:22 PM
Parents
rPU8f72f7273fb5: Update PUPPETVERSION to 3.1.0-rc2
Branches
Unknown
Tags
Unknown

Event Timeline

Josh Cooper <josh@puppetlabs.com> committed rPUcd7d52a7b024: (#11276) Load default root certs on Windows (authored by Josh Cooper <josh@puppetlabs.com>). Jan 31 2013, 9:57 PM