Verify the incoming package first.

The callingPackage is a parameter from the Binder, and the caller
could forge any name they want. We should verify if it's trusted.

Bug: 194105935
Bug: 194106074
Bug: 214894893
Test: atest -p core/java/android/app/
Test: atest -p services/tests/servicestests/src/com/android/server/am
Test: manually using the PoC in the buganizer to ensure the symptom
      no longer exists.
Change-Id: Ib7b4676d5c54df304d896b9f8260fe08c79dd3ce