Mods to the SELinuxMMAC engine code.

* We now require that all certs used to sign the apk and all
  certs stored with policy be tested for set equality. Prior
  efforts required that the cert included with policy only
  needed to match one of the certs included with an apk.

* Allowed a new tag to be included with policy describing the
  signatures. <cert signature=""/> is now allowed as a child
  element of the <signer> tag describing multiple certs. The
  old way of describing signatures attached as attributes to
  the root signer tag is still supported. The engine now treats
  it the same as if they used the new layout with the outer
  signature as the first signature value.

* Moved the class which holds all policy from an inner static
  to a builder pattern governed by the Policy.PolicyBuilder
  class. This will help provide more clarity and allow for
  easier enforcement of certain invariants as the policy
  representation is being built.

* Loads of new comments.

Change-Id: I38eb00ed8962fdef71bc9f2e7370cb910cadeff4
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>