use a binary patch to install recovery from system

Instead of storing the whole recovery image in system in order to
flash it on first boot, we instead use an imgdiff patch from the boot
image to create the recovery image.  This is substantially smaller
since it effectively only stores the recovery binary and UI images
(the kernel and the init binary are identical to that of the boot
image).

This change modifies the OTA-building script to create and install
these patches, and changes the calculation of the system image size in
the Makefile to reflect the new scheme.