Add "key owned by system" optional requirement in AVF

Introduce "android.key_owned_by_system" optional requirement to
AttestationVerificationPeerDeviceVerifier that may be used with both
supprted binding types - TYPE_PUBLIC_KEY and TYPE_CHALLENGE.

Implement checking if the leaf certificate public key is owned by the
system if the "android.key_owned_by_system" key is present in the
requiremenets bundle.

Bug: 224954254
Bug: 202926196
Test: AVF tests
Change-Id: I79ca0ff2263bd8babb7dace1a9a3f8848ab21454