Windows: Make the default sar value used in handles plugin a variable…

… so if it needs to be changed it gets updated in one place only

volatility3/framework/plugins/windows/handles.py

@@ -142,6 +142,7 @@ def find_sar_value(self):
         pointers in the _HANDLE_TABLE_ENTRY which allows us to find the
         associated _OBJECT_HEADER.
         """
+        DEFAULT_SAR_VALUE = 0x10  # to be used only when decoding fails
 
         if self._sar_value is None:
             if not has_capstone:
@@ -178,7 +179,7 @@ def find_sar_value(self):
                 vollog.warning(
                     f"Failed to read {hex(num_bytes_to_read)} bytes at symbol {hex(func_addr_to_read)}. Unable to decode SAR value. Failing back to a common value of 0x10"
                 )
-                self._sar_value = 0x10
+                self._sar_value = DEFAULT_SAR_VALUE
                 return self._sar_value
 
             md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
@@ -202,7 +203,7 @@ def find_sar_value(self):
                 vollog.warning(
                     f"Failed to to locate SAR value having parsed {instruction_count} instructions, failing back to a common value of 0x10"
                 )
-                self._sar_value = 0x10
+                self._sar_value = DEFAULT_SAR_VALUE
 
         return self._sar_value