Use the new root cert file under the core/ folder

This CL also adds an alias param to the RecoverySession#start method.

Bug: 76033708
Test: runtest frameworks-services -p \
      com.android.server.locksettings.recoverablekeystore

Change-Id: I870f4f89bd6e319e1687a981aa04af0d23f3c922