Sanity check paths coming into installd.

Since installd is an extremely privlidged execution domain, we should
be as paranoid as possible about any incoming raw text input.

To that effect, this change asserts that incoming paths are absolute
and aren't trying to play any weird shenanigans.  (This borrows the
same logic used over in vold.)

Also fix subtle bugs where AID_SYSTEM wasn't being checked, and the
installd lock wasn't being acquired.  (If a lock isn't needed, we
always want a comment block explaining why.)

Test: builds, boots, new apps install/uninstall fine
Bug: 71871109
Change-Id: I8ad0aafa794b0ebb9e7cc4831004fc0022acd747