fix: 포트 충돌 회피 — note_bridge 8098, intent_service 8099

Jellyfin(8096), OrbStack(8097) 포트 충돌으로 변경.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.venv/lib/python3.9/site-packages/wassima/_os/_windows.py

@@ -0,0 +1,40 @@
+from __future__ import annotations
+
+from ssl import enum_certificates  # type: ignore[attr-defined]
+
+# ROOT: Highest level of trust. Trust anchors. Self-Signed.
+# MY: User installed/custom trust anchors. Self-Signed.
+# CA: Intermediates CA. Not trusted directly, not self-signed.
+WINDOWS_STORES: list[str] = [
+    "ROOT",
+    "MY",
+    "CA",
+]
+SERVER_AUTH_OID: str = "1.3.6.1.5.5.7.3.1"
+
+
+def root_der_certificates() -> list[bytes]:
+    certificates = []
+
+    for system_store in WINDOWS_STORES:
+        try:
+            for cert_bytes, encoding_type, trust in enum_certificates(system_store):
+                if not trust:
+                    continue  # Defensive: edge case, rare one.
+
+                # if not True, then, we MUST LOOK for SERVER_AUTH oid EKU
+                if not isinstance(trust, bool) and SERVER_AUTH_OID not in trust:
+                    continue
+
+                # Check it's in X.509 ASN.1 format and is trusted
+                if (
+                    encoding_type == "x509_asn"  # X.509 ASN.1 data
+                ):
+                    certificates.append(cert_bytes)
+        except PermissionError:  # Defensive: we can't cover that scenario in CI.
+            continue
+
+    return certificates
+
+
+__all__ = ("root_der_certificates",)