Add APK Signature Scheme v3.
Add ApkSignatureSchemeV3Verifier to enable APKs to be signed with the new signature scheme. Update the ApkSignatureVerifier to process the results, but only pass on what's needed for the existing interface. In the process, move the ApkSignatureSchemeV2 code into a common area for use by any scheme that makes use of the APK Signature Block.

The primary purpose of APK Signature Scheme v3 is to enable applications to rotate their signing key. This is accomplished by augmenting APK Signature Scheme v2 to also include a new Proof-of-rotation struct, which is fundamentally a singly linked list where each of the APK's signing certificates is included in order, along with a signature over the next certificate. Thus, each certificate contains proof that the private key corresponding to the previous one blessed it. This provides evidence to the platform that the new signing certificate should be as trusted as the previously trusted one. This structure also includes some flags for each certificate to indicate to the platform how the APK itself would like to interact/trust the old certificates.

Bug: 64686581
Test: Builds, boots, passes android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: I0f98ff13950af78f5d9b269f80d13af8891f7a2d
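
A simplified model of the proof-of-rotation list described in the commit message, added here as an example and not taken from this change or from ApkSignatureSchemeV3Verifier. Raw EC public keys stand in for certificates; the `Node` layout, the signed bytes (key plus flags), the unsigned list head and the SHA256withECDSA choice are assumptions of the example (Java 16+).

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.List;

public class ProofOfRotationDemo {
    // One list node: a signing key (stand-in for a certificate), its flags, and
    // the previous key's signature over both (null for the oldest key).
    record Node(PublicKey key, int flags, byte[] sigByPrev) {}

    // Bytes covered by the previous key's signature (layout is this example's own).
    static byte[] signedData(PublicKey key, int flags) {
        byte[] enc = key.getEncoded();
        return ByteBuffer.allocate(enc.length + 4).put(enc).putInt(flags).array();
    }

    // The holder of `prev` endorses `next`; prev == null creates the list head.
    static Node link(KeyPair prev, PublicKey next, int flags) throws GeneralSecurityException {
        if (prev == null) return new Node(next, flags, null);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(prev.getPrivate());
        s.update(signedData(next, flags));
        return new Node(next, flags, s.sign());
    }

    // Walk from the oldest key: each later node must carry a valid signature
    // made by the key in the node before it.
    static boolean verify(List<Node> chain) throws GeneralSecurityException {
        if (chain.isEmpty() || chain.get(0).sigByPrev() != null) return false;
        for (int i = 1; i < chain.size(); i++) {
            Node cur = chain.get(i);
            if (cur.sigByPrev() == null) return false;
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(chain.get(i - 1).key());
            s.update(signedData(cur.key(), cur.flags()));
            if (!s.verify(cur.sigByPrev())) return false;
        }
        return true;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair k1 = gen.generateKeyPair(), k2 = gen.generateKeyPair(), k3 = gen.generateKeyPair();
        Node n1 = link(null, k1.getPublic(), 0), n2 = link(k1, k2.getPublic(), 0); // constructed flags
        // Intact chain k1 -> k2 -> k3, each key endorsed by its predecessor.
        System.out.println(verify(List.of(n1, n2, link(k2, k3.getPublic(), 0))));
        // k3 endorsed by k1 rather than k2, so the k2 -> k3 link is missing.
        System.out.println(verify(List.of(n1, n2, link(k1, k3.getPublic(), 0))));
    }
}
```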