Update windows CSP verification logic

[JordanMontgomery]

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• [ ] Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes. See Changes files for more information.
• [ ] Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements)
• [ ] Added support on fleet's osquery simulator cmd/osquery-perf for new osquery data ingestion features.
• [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes
• [ ] If database migrations are included, checked table schema to confirm autoupdate
• For new Fleet configuration settings
  • [ ] Verified that the setting can be managed via GitOps, or confirmed that the setting is explicitly being excluded from GitOps. If managing via Gitops:
    • [ ] Verified that the setting is exported via fleetctl generate-gitops
    • [ ] Added the setting to the GitOps documentation
    • [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional)
    • [ ] Verified that any relevant UI is disabled when GitOps mode is enabled
• For database migrations:
  • [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration.
  • [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
  • [ ] Ensured the correct collation is explicitly set for character columns (COLLATE utf8mb4_unicode_ci).
• [ ] Added/updated automated tests
• [ ] Manual QA for all new/changed functionality
• For Orbit and Fleet Desktop changes:
  • [ ] Make sure fleetd is compatible with the latest released version of Fleet (see Must rule).
  • [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (runtime.GOOS).
  • [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
  • [ ] Auto-update manual QA, from released version of component to new version (see tools/tuf/test).
• [ ] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 0% with 34 lines in your changes missing coverage. Please review.

Project coverage is 58.95%. Comparing base (30e9f85) to head (482e0a5). Report is 9 commits behind head on main.

Files with missing lines	Patch %	Lines
server/mdm/microsoft/profile_verifier.go	0.00%	30 Missing :warning:
server/service/osquery_utils/queries.go	0.00%	4 Missing :warning:

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #30203      +/-   ##
==========================================
- Coverage   64.21%   58.95%   -5.26%     
==========================================
  Files        1869     1705     -164     
  Lines      182716   165057   -17659     
  Branches     5352     5352              
==========================================
- Hits       117324    97310   -20014     
- Misses      56180    60016    +3836     
+ Partials     9212     7731    -1481     

Flag	Coverage Δ
backend	59.33% <0.00%> (-5.76%)	:arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:

• :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[JordanMontgomery]

Test failures are unrelated apparently flaky tests, one of which is a known issue with a VPP token having expired