libbinder: RPC error on unexpected session ID size

The session ID is created by the server, and passed to the client. This
prevents making a OOM-large allocation if a malicious client claims to
pass a large session ID.

Fixes: 201599425
Test: binderRpcTest
Change-Id: I24c66b70fbb5e194c2b603214e2f962b31ff27f9