[7/N] only the current verifier can call VerificationSession APIs

Only the current verifier bound by the system can call
VerificationSession APIs and the PackageInstaller API to change the
verification policy. This makes sure that even if there are multiple
verifiers installed on the device, only the one bound by the system can
affect the ongoing installations.

+ Removes @RequiresPermission from VerificationSession APIs because we
  no longer directly check for caller permission (instead, we are
checking for UID matches)
+ Add shell commands to get/set the global policy (for testing)
+ Improve error handling when binding to the verifier has failed
+ Some code polish

FLAG: android.content.pm.verification_service

BUG: 360129657
Test: atest CtsPackageManagerTestCases:VerifierServiceTest

Change-Id: If90d075ff117c666ae71bb593cad284f65f4d123