More robust ProcessRecord routing for resultTo.

To deliver a "resultTo" listener for a broadcast intent, we need to
know about the ProcessRecord we're returning the result to, so that
we can potentially unfreeze them and sequence the response through
their main thread.

Also offer to lookup the "system_server" process when the caller
provides an in-process resultTo instance; this smoothly handles
dozens of situations where the system sends broadcasts without
having easy access to its own ProcessRecord.

Bug: 251486235
Test: manual
Change-Id: I1ff58a0e918b620def25a056624f093d951667a6