Add support for knownSigner permission protection flag

This commit adds support for a new permission protection flag that
allows a permission declaration to also include an array resource of
trusted signing certificate digests. A permission declared with this
new knownSigner permission flag will be granted to a requesting app
if that app's current signer, or any of the previous signers in its
lineage, are in the declared trusted signing certificate set.

Bug: 172970984
Test: atest SigningDetailsTest
Test: atest PkgInstallSignatureVerificationTest
Change-Id: I54ff2ac720c3a1828d0606426197f7f0e0d0d4b5