Commit cf9ead89 authored by Bowgo Tsai

Support AVB signing for BOARD_PREBUILT_BOOTIMAGE

Devices using GKI architecture will use a prebuilt boot.img.
However, we should still sign this prebuilt boot.img with
device-specific AVB keys.

Steps to test the CL.
1. In a device BoardConfig.mk:

   # Uses a prebuilt boot.img
   TARGET_NO_KERNEL := true
   BOARD_PREBUILT_BOOTIMAGE := device/google/redbull/boot.img

   # Enable chained vbmeta for the boot image.
   # The following can be absent, where the hash descriptor of the
   # 'boot' partition will be stored then signed in vbmeta.img instead.
   BOARD_AVB_BOOT_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
   BOARD_AVB_BOOT_ALGORITHM := SHA256_RSA4096
   BOARD_AVB_BOOT_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
   BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION := 2

2. `make bootimage`, then `avbtool info_image --image $OUT/boot.img`,
    checks the image is re-signed with a device-specific key

3. `make dist` to generate out/dist/TF.zip

4. `unzip out/dist/TF.zip IMAGES/boot.img`

5. `avbtool info_image --image out/dist/IMAGES/boot.img`,
    checks the image is re-signed with a device-specific key

6. `sign_target_files_apks \
      --avb_boot_key=external/avb/test/data/testkey_rsa8192.pem \
      --avb_boot_algorithm=SHA256_RSA8192 \
      --avb_boot_extra_args="--prop test:sign" \
      ./out/dist/*-target_files-eng.*.zip signed.zip`, resign the TF.zip

7. `unzip signed.zip IMAGES/boot.img`, then use `avbtool info_image` to
   check the boot.img is re-signed with the --avb_boot_key in step 6.

Bug: 188485657
Test: above steps
Change-Id: I7ee8b3ffe6a86aaca34bbb7a8898a97b3f8bd801
parent 3ff3f108
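
The `avbtool info_image` checks in steps 2, 5 and 7 can be scripted so a stale or test signing key fails a release gate. The following is an added example, not part of this commit or of AOSP: `parse_info` and `check_boot_signature` are hypothetical helpers, the sample output and its key digest are constructed placeholders, and the field names are assumed to follow avbtool's usual `info_image` layout.

```python
import re

# Constructed sample of `avbtool info_image` output after step 6
# (placeholder values, not from a real build; field names are assumed
# to follow avbtool's usual info_image layout).
SAMPLE_INFO = """\
Footer version:           1.0
Image size:               100663296 bytes
Public key (sha1):        0123456789abcdef0123456789abcdef01234567
Algorithm:                SHA256_RSA8192
Flags:                    0
Descriptors:
    Hash descriptor:
      Partition Name:        boot
      Flags:                 0
    Prop: test -> 'sign'
"""

def parse_info(text):
    """Split info_image output into header fields and property descriptors."""
    fields, props = {}, {}
    for line in text.splitlines():
        m = re.match(r"\s*Prop: (\S+) -> '(.*)'$", line)
        if m:
            props[m.group(1)] = m.group(2)
            continue
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), value.strip())  # first occurrence wins
    return fields, props

def check_boot_signature(text, algorithm, key_sha1, want_props=None):
    """Return a list of mismatches; an empty list means the image matches."""
    fields, props = parse_info(text)
    problems = []
    if fields.get("Algorithm") != algorithm:
        problems.append("algorithm is %r, expected %r" % (fields.get("Algorithm"), algorithm))
    if fields.get("Public key (sha1)", "").lower() != key_sha1.lower():
        problems.append("public key digest does not match the expected signing key")
    if fields.get("Partition Name") != "boot":
        problems.append("hash descriptor is not for the 'boot' partition")
    for name, value in (want_props or {}).items():
        if props.get(name) != value:
            problems.append("property %r is %r, expected %r" % (name, props.get(name), value))
    return problems

if __name__ == "__main__":
    print(check_boot_signature(SAMPLE_INFO, "SHA256_RSA8192",
                               "0123456789abcdef0123456789abcdef01234567", {"test": "sign"}))
```

In practice the text would come from running `avbtool info_image --image IMAGES/boot.img` on the unzipped image, and the expected digest from the release key rather than a test key.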