Refactor PackageParser.collectCerts() to hide signature scheme.

PackageParser shoudln't really need to know the gory details of APK
verification, it should just get back the blobs it needs to do its
job.  Move the package verification into its own class which is
*almost* exclusively responsible for verifying app signatures. This
is in preparation for adding APK signature scheme v3, which will add
yet another way to do this.

Bug: 64686581
Test: Builds 'n' boots without issue.
Test: android.appsecurity.cts.PkgInstallSignatureVerificationTest passes.
Change-Id: Ieb76b2353bd44ffdb83e7b894e5ad720d1697dc7