AImageReader: make sure ~AImageReader isn't called with FrameListener::mLock held.

The following sequence of events is possible:

t1: FrameListener::onFrameAvailable callback is called, mReader is
    promoted from wp<> to sp<>, t1 holds mLock.
  t2: AImageReader_delete is called, decStrong is called on AImageReader,
      but since its refcount isn't 0, ~AImageReader isn't called
    t1: onFrameAvailable completes, ~AImageReader is called with mLock
        held, ~AImageReader->
        setImageListenerLocked->FrameListener::setImageListener->tries
        to lock mLock again, t1 deadlocks.

We move the locking mLock to after the promotion of mReader to sp<> so
that it gets destructed before ~AImageReader is called.

The same is done for BufferRemovedListener.

Bug: 136193631

Test: Auth; unlock

Merged-In: I8bb8c7d59f3711fd9fe434159095938eb5db9153
Change-Id: I8bb8c7d59f3711fd9fe434159095938eb5db9153
(cherry picked from commit ebca5b98)
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>