Sanitize Bundle from AbstractAccountAuthenticator.

Bundle is replaced with a new one which contains only documented keys.

Doesn't affect getAccountCredentialsForCloning which can pass arbitrary
bundle.

Ideally the check should be performed once when bundle is recieved in
AccountManagerService. With complex Session class hierarchy the check
can run twice - it can be optimized later.

Bug: 354682735
Test: atest CtsAccountManagerTestCases
Test: atest com.android.server.accounts.AccountManagerServiceTest
Flag: EXEMPT bugfix
Change-Id: Ia3e934e7f72e393c9db777a8a4d59f47e59a98b8