Ensure signature for allowlisted system app update on boot

With v4 signature and fs-verity, verifying an APK integrity is O(1)
time. This allows us to enforce signature and detect persistent attack
(via tampering with an APK) across a reboot for updated system apps.

For the first step, we don't implement a policy (e.g. all priv apps)
and only protect the packages in an allowlist specified by a resource
property. This is due to the ecosystem complexity, where some OEM may
preload app from another developer, since developer's v4 signature may
need extra plumbing depending on how they are installed.

Some implementation details:

After a system package is updated, during the boot we still want to
retrieve the SigningDetails from the APK in the dm-verity protected
partition. This is to harden and protect the allowlisted apps from
tampered record in an attacking scenario. The SigningDetails of the
disabled pacakge is then used during the reconcile phase, to ensure
the updated package has consistent signature with the original version.

Originally, canSkipForcedPackageVerification checks splits explicitly.
This is not necessary because ParsingPackageUtils.getSigningDetails can
only succeed (e.g. during collectCertificatesLI, when forced) if the
splits are consistent with the base.

Delete some dead code, e.g. in the skipVerify condition.

Bug: 277344944
Test: 1. locally add com.android.egg to the allowlist
      2. build EasterEgg with v4 signature; and EasterEgg2 with a
         different signing key
      3. adb install-multiple --no-incr EasterEgg.apk EasterEgg.apk.idsig
      4. with root, replace base.apk and base.apk.idsig with EasterEgg2,
         chown and enable fsverity
      5. adb shell stop/start
      6. verify from logcat that the APK is recovered by expected check
        * With some code change to force condition.
Change-Id: I0b62b73208c7d4e6b8613f1ae3aa726de8d8fa65