About your requirement "I'm interested in verifying that the user is using my Windows 8 app and not just some 'hacker' using Fiddler.", I am not sure how deep you would try securing your application as if others want to try consuming your application differently, the will find their way and if you think using ACS or LiveSDK add any security, I don't think so.
ACS or LiveSDK services are ways to authenticate a specific user and then allowing them to use your application. Once the authentication token is given to your application about a specific user and you do not have a way to save and again verify that info, there is no difference between having ACS/LiveSDK based authentication in your application or not having it. These oAuth based services are just a way to authenticate the user, still you would need to write extra layer of the code to provide user specific service.
It does not matter if you use ACS/oAuth/or your own membership service, user will have to enter username and password to get authenticated time to time. Based on login time and type, you can keep the user active for x amount of time as live session however the session will expire and user will have to enter the username and password. Storing username and password locally to avoid entering credential again is not a good application design.
Now about your first question you should be using LiveSDK (not Azure ACS) to authenticate Live (Hotmail, Live, Skydrive and Outlook domain) users because in Windows 8, most of the services are using these ID so using one of these will help your application to be part of same eco-system. You can use this latest doc to use Live SDK in your application. If you will use Live SDK in your Windows 8 application and the user using the same live ID for their other application on Windows 8 and login before your application, your application will already have a live session to use it depend on Live ID and application settings.
About your second question "Encrypt and store the user's login details to prevent the user having to enter login details every time?" I am not sure why do you need it. First of all no oAuth service will give you user login credentials besides user name only which you can save to verify the user if he visits again and that u can use to be sure that it is a proper user. You must need to store this info to cloud and then once authenticated, do whatever you want.