They aren't returned by the cert enumeration APIs, but if we
directly look into their %APPDATA%, we can find them. The files
there are a custom file format, which we can parse to extract the
actual encoded certificate. We can then forward that back to the
winapi to extract info out of it.

We can also proactively look for them on disk, regardless of the
enumeration, which will guarantee that we will always be able to show
Personal certs regardless of things like, e.g. login history. For
example, if a user has never logged in on a system since boot, they may
not appear in the registry, and thus the enumeration, so their Personal
certs will not appear, even though they are available.

It would safely fail before with a file not found error, but this is
more explicit.

Similar to the user_groups table, we filter out some of the accounts we
know will not have directories on disk for certificates

Previously, we assumed a certain path structure for where to find a
user's Personal certificates. Now we reuse some functionality from the
users table which checks the registry to retrieve the home directory.

For system accounts (e.g. Local System) the home dir paths we get back
from getUserHomeDir may contain environment variables. This expands them
so we can now retrieve certificates within certificate directories for
system accounts.