Double check hidl service at init + meaningful abort when hidl crash

Sensor hidl service will kill itself when it detects
double-connection(*) from framework sensor service in order to avoid
potential deadlock.  This cl adds a no-op call to hidl service at
initialization of framework service to allow early detection on hidl
service side. It also adds retry mechanism in this case to avoid
another system server crash.

Log messages is added when hidl call transport failure to help better
identify problem. There is no sane recovery at this point and fatal
log is preferred.

* Double-connection to hidl service happens when framework sensor
service crash but leave a lingering connection in sensor hidl service.
Auto restarted framework service will attempt to connect hidl service
again which result in a double connection.

Test: manually killing sensor hidl service and/or restart runtime,
      with and without sensor service in restricted mode, observe
      system recover to good state.

      Pid of sensor hidl service can be found by lshal
          lshal | grep sensor
      switch to restrict mode
          dumpsys sensorservice restrict a.non-exist.package

Bug: 35727090
Bug: 35843387
Bug: 35702298
Bug: 35919167
Bug: 35848670
Bug: 35903635
Change-Id: Ie5c24300503e125d9de031a70948e2bda1eb6dc6