v4 signing schema parsing and verification.
v4 is a streaming add-on to the existing v2/v3 schemas.

Flow:
- APK is signed with v2/v3 and v4 signature blocks,
- on installation, v4 signature bytes are stored next to the APK in hidden block,
- on each read from APK, kernel verifies the v4 signature using fs-verity-like code,
- on parsing/verification, we extract certificates from kernel and compare them with certificates extracted from v2/v3 signature block.

By doing this we are making sure that v4 signature is produced by developer and original APK bytes are not changed.

Test: atest PkgInstallSignatureVerificationTest
Bug: b/136132412 b/133435829
Change-Id: Ia2a56c82c9864bf65e1338700dfe51abf6800deb
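A simplified model of the two checks in the flow above, added here as an illustration and not taken from this commit or from the Android sources: a Merkle root over fixed-size blocks in the style of fs-verity, and a comparison of the v4 signer certificates against the v2/v3 ones. The 4096-byte block size, SHA-256, zero padding, set-equality comparison and all function names are assumptions; the signature check over the root hash and the fs-verity descriptor and salt are left out.

```python
import hashlib

BLOCK = 4096   # assumed block size (fs-verity style)
DIGEST = 32    # SHA-256 digest length in bytes

def _hash_level(data: bytes) -> bytes:
    """Hash every zero-padded BLOCK of data and concatenate the digests."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        out += hashlib.sha256(data[off:off + BLOCK].ljust(BLOCK, b"\0")).digest()
    return bytes(out)

def merkle_root(data: bytes) -> bytes:
    """Hash blocks, then hash blocks of digests, until one digest remains."""
    if not data:
        raise ValueError("empty file")
    level = _hash_level(data)
    while len(level) > DIGEST:
        level = _hash_level(level)
    return level

def cert_digests(certs):
    """SHA-256 fingerprints of encoded certificates, as a set."""
    return {hashlib.sha256(c).hexdigest() for c in certs}

def verify_v4(apk: bytes, v4_root: bytes, v4_certs, v2v3_certs) -> str:
    """Return 'ok' or the reason the APK is rejected (hypothetical helper)."""
    if merkle_root(apk) != v4_root:
        return "content-mismatch"   # APK bytes differ from what was signed
    # Assumption: the signer sets must be identical, and never empty.
    if not v4_certs or cert_digests(v4_certs) != cert_digests(v2v3_certs):
        return "signer-mismatch"    # v4 block not produced by the v2/v3 signer
    return "ok"

# Constructed sample data (not a real APK, not real certificates).
APK = bytes(range(256)) * 40               # 10240 bytes, three blocks
DEV_CERT = b"constructed-developer-cert"
OTHER_CERT = b"constructed-other-cert"
ROOT = merkle_root(APK)

def demo():
    tampered = APK[:5000] + b"\xff" + APK[5001:]   # flip one byte in block 1
    return [
        verify_v4(APK, ROOT, [DEV_CERT], [DEV_CERT]),
        verify_v4(tampered, ROOT, [DEV_CERT], [DEV_CERT]),
        verify_v4(APK, ROOT, [OTHER_CERT], [DEV_CERT]),
    ]

if __name__ == "__main__":
    print(demo())
```

Because the root covers every block, a single changed byte anywhere in the file changes the root, which is what lets a per-read check detect modification without rehashing the whole APK.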