Add plsCertsNoVerifyOnlyCerts to ApkSignatureVerifier.

There are currently two conceptual operations performed by PackageParser
while parsing APKs: collecting certificates and verifying them.
ApkSignatureVerifier relies on the systemDir flag to indicate whether or
not it should do a full verification of a package, but this only applies
when verifying V1 (jar signed) APKs.  This distinction should be explicitly
made.  This creates cleaner code and also saves time when verifying V2
signed systemDir APKs.

Bug: 64686581
Test: Builds, boots, passes
android.appsecurity.cts.PkgInstallSignatureVerificationTest.

Change-Id: Ie8a0f8cad3dd8f70da791f2f1f4516e84e2ae4d0