Android T GKI certification scheme

New scheme is to certify kernel & ramdisk image separately, and
effectively decouple kernel & user space ramdisk image.

Under the new scheme, the --os_version and --os_patch_level boot header
field must be empty in order to maintain consistency.
Instead, these values must be in the vbmeta hash descriptor and
GKI certificate.

The new scheme also validates the image metadata, including the security
patch level.

The 'generic_kernel' certificate is associated with the 'boot' partition
and 'generic_ramdisk' certificate with 'init_boot' partition.

The 'generic_ramdisk' certificate may be packed into the 'boot' image if
product configuration doesn't have 'init_boot' image, this is only for
testing purposes and would be removed eventually.

Bug: 210367929
Bug: 211741246
Bug: 203698939
Test: unpack_bootimg --boot_img boot.img
Test: unpack_bootimg --boot_img init_boot.img
Test: avbtool info_image --image out/boot_signature
Change-Id: Iaf48a6e3d4b97fa6bfb5e1635a288b045baa248f