Remove the resolved path of session's APK from user confirmation intent

Intent sent to the user for install confirmation includes the resolved
path of the session's base apk. A malicious app can modify this path, resulting
in the installer activity to show a different app icon and label in the
confirmation dialog.

To fix this, expose a SystemApi for getting the resolved path and
permission protect it with a privileged permission.

Bug: 269728874
Test: atest CtsPackageInstallTestCases:SessionTest
Change-Id: Ibe7fe3ab5e74e3e910d9f7bd5b6f3f2e3c0ca658