Replace untyped Parcel read/write

Description: Replaced `Parcel.readList()` call with empty classLoader.

Calling `Parcel.readList(,null)` could be dangerous as an attacker can
abuse the call to deserialize arbitrary parcelables. To avoid such an
attack vector, we should switch in using `Parcel.readTypedList()`
instead.

Test: atest CtsInstantAppTests
Test: atest CtsWindowManagerDeviceTestCases:MultiWindowTests
Test: atest RemoteTransitionTest
Test: Boot and observe systemUI works
Bug: 195622897
Change-Id: I7c8cb23f6f3d26b1d4d47696e70982797b5f0210