Description
Is your feature request related to a problem? Please describe.
As of 4.1, loading certificates from a configurable Windows built-in certstore name is supported. However, there is no way to choose which client certificate to use for TLS on output plugins. From my testing, I am also unsure if specifying a certstore with tls.windows.certstore_name loads any client certificates with their private keys for TLS client authentication in FB.
Describe the solution you'd like
Adding a parameter like tls_cert_thumbprint, as with Fluentd (https://docs.fluentd.org/output/forward#how-to-connect-to-a-tls-ssl-enabled-server-with-windows-certstore-certificate).
This would allow selecting a client certificate with its key from the built-in certstore for authentication on output plugins.
Describe alternatives you've considered
Generating new certificates on all servers manually and exporting to disk. This makes it much more difficult to configure many servers at once.
Additional context
Adding this would make migration to FB possible, as a client certificate is required for sending logs in our case. Creating certificates manually on all machines and exporting them as files is not feasible at this time. This relates to, and has the same problem as, #9215.