[ECM] Add ECM allowlist to SystemConfig

This introduces a new configurable XML file
(/etc/sysconfig/enhanced-confirmation.xml) for ECM (Enhanced
Confirmation Mode). This file enables OEMs to declare a list of
"trusted packages" and/or "trusted installer" packages.  A "trusted
package" will be exempt from ECM restrictions. A "trusted installer",
and all packages that it installs, will be exempt from ECM restrictions.

The file may contain zero or more XML elements of the form:

    <enhanced-confirmation-trusted-package
         package="com.example.app"
         sha256-cert-digest="E9:7A:BC:2C:D1:..."/>

...and/or...

    <enhanced-confirmation-trusted-installer
         package="com.example.app"
         sha256-cert-digest="E9:7A:BC:2C:D1:..."/>

(Where the 'package' attribute is a package name, and
'sha256-cert-digest' is a hex-encoded SHA-256 digest of a signing
certificate. Both fields are required for each XML element.)

This file is parsed by the SystemConfig class, where the collection of
all XML elements are deserialized into (SignedPackage) objects which
are cached within SystemConfig.

These objects are accessible by calling either the following SystemAPI
methods:

    SystemConfigManager::getEnhancedConfirmationTrustedPackages
    SystemConfigManager::getEnhancedConfirmationTrustedInstallers

...which in turn call the (respective) binder methods:

    SystemConfigService::getEnhancedConfirmationTrustedPackages
    SystemConfigService::getEnhancedConfirmationTrustedInstallers

...which read the data directly from SystemConfig.

The only intended caller of this API is ECM
(EnhancedConfirmationManager/EnhancedConfirmationService), which runs in
SystemServer.

The reason this needs to be SystemApi(MODULE_LIBRARIES) is that the ECM
source code lives within the packages/modules/Permission mainline
module.

Bug: 310654834
Test: atest FrameworksServicesTests:com.android.server.systemconfig.SystemConfigTest
Change-Id: I50e524e5782cea4e66232acef493edbe62aa1f61