Accept APK install with v4 signature to set up fs-verity

.idsig is recognized and staged in the installer session. When .idsig is
provided, fs-verity is enabled in validateApkInstallLocked before the
first APK signature check happens.

With fs-verity enabled, ApkSignatureSchemeV4Verifier can also work (in
additional to IncFS) over fs-verity. The verifier can build fs-verity
digest from V4Signature.HashingInfo and verify the signed data is
consistent with the actual fs-verity digest. See
VerityUtils#generateFsVerityDigest.

ApkSignatureSchemeV4Verifier#extractSignature now also throws
SignatureException. When a signature size is wrong (see CTS test
PkgInstallSignatureVerificationTest#testInstallV4WithWrongSignatureBytesSize),
V4Signature.SigningInfos.fromByteArray throws an EOFException (which is
an IOException). The IOException is handled as missing signature by
rethrowing as SignatureNotFoundException. But this allows a fallback to
other v3/v2 signature check. This change distriguishes it by rethrowing a
SignatureException instead. This is not a problem during an incremental
install, because the signature size check happens earlier when the
installer commits, and it's done inside IncFS.

Bug: 277344944
Test: Force enable the (read-only) flag, since it's off in build time, then
      atest android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: I6fd22fe2e04cfc58c68e690f23f63ff268938eda