Safer @hide Bundle.getParcelable() with explicit type
Provide a safer API getParcelable() that takes a Class<?> parameter just like the safer Parcel APIs introduced, so we check the type before deserializing, preventing unexpected and potentially vulnerable code being executed (technique used in the bugs).

Making it @hide since ASA requested this in T (more details on bugs) and the urgent usage is inside the platform, we can flesh out a public API for U.

Test: App code gpaste/6130483466338304 logs gpaste/5148052949041152
Bug: 213169612
Bug: 212804042
Bug: 212803946
Bug: 210885162
Change-Id: Ieebc044043e0776e71d35c1cc11be9299f972c45
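
The type check described in the commit message, sketched as an added example that is not part of this commit or of the Android source: a self-contained Java model in which `Entry`, `Creator`, `Unexpected` and both `getParcelable` overloads are hypothetical stand-ins for the Bundle/Parcel machinery. It assumes the stored data names its own class, and shows that a cast made after the read fails only once the unexpected class has already been constructed, while the typed read rejects the entry before any creator runs.

```java
import java.util.Map;
import java.util.function.Function;

// Simplified model, not Android source: every name below is hypothetical.
public class TypedReadDemo {
    interface Parcelable {}
    record Account(String name) implements Parcelable {}
    // Stands in for any class the caller never meant to instantiate.
    static final class Unexpected implements Parcelable {
        static int constructed = 0;
        Unexpected(String payload) { constructed++; }
    }
    // A stored entry: the sender picks the class name as well as the payload.
    record Entry(String className, String payload) {}
    record Creator(Class<? extends Parcelable> type, Function<String, Parcelable> create) {}
    static final Map<String, Creator> CREATORS = Map.of(
            "Account", new Creator(Account.class, Account::new),
            "Unexpected", new Creator(Unexpected.class, Unexpected::new));

    // Untyped read: builds whatever class the entry names; the cast happens afterwards.
    @SuppressWarnings("unchecked")
    static <T> T getParcelable(Entry e) {
        return (T) CREATORS.get(e.className()).create().apply(e.payload());
    }

    // Typed read: compares the named class with the expected one before any creator runs.
    static <T> T getParcelable(Entry e, Class<T> clazz) {
        Creator c = CREATORS.get(e.className());
        if (c == null || !clazz.isAssignableFrom(c.type())) {
            throw new IllegalArgumentException("expected " + clazz.getName() + ", entry names " + e.className());
        }
        return clazz.cast(c.create().apply(e.payload()));
    }

    public static void main(String[] args) {
        Entry entry = new Entry("Unexpected", "constructed sample payload");
        try {
            Account a = getParcelable(entry); // checkcast at the call site, after construction
        } catch (ClassCastException ex) {
            System.out.println("untyped: cast failed after " + Unexpected.constructed + " construction(s)");
        }
        try {
            getParcelable(entry, Account.class);
        } catch (IllegalArgumentException ex) {
            System.out.println("typed: rejected, constructions still " + Unexpected.constructed);
        }
        System.out.println(getParcelable(new Entry("Account", "alice"), Account.class).name());
    }
}
```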