Take package snapshot before locking DomainVerificationService

Because snapshot() can take PMS#mLock when the snapshot is invalid,
there's a potential deadlock if Settings is trying to serialize into
DVS. Instead, take the snapshot before locking DVS, which introduces
a potential race condition, as DVS relies on its internal lock
to serialize package changes, but there's not much better that
can be done until mutate-time snapshots are enabled.

Bug: 220994615

Test: atest com.android.server.pm.test.verify.domain
Test: atest CtsDomainVerificationHostTestCases
Test: atest CtsDomainVerificationDeviceMultiUserTestCases
Test: atest CtsDomainVerificationDeviceStandaloneTestCases

Change-Id: Ib4f4605d6b19ef14e47dffc3df3bee62a745a817