Dump and enforce certificate for apks

Dump the list of APKs that aren't located at system partition and signed
with system certificate.
And when enforcement option is enabled, it makes build error if there is
the apk that satisfies the condition above.

Bug: 74699609

Test: m -j
Test: m out/target/product/$(get_build_var TARGET_DEVICE)/certificate_violation_modules.txt

Change-Id: I23c41f2665dd97abac3e77d1c82d81ff91b894eb