libbinder_random_parcel: driver writes iface token
It's really hard for the fuzzer to guess the interface token, so rather than generating corpus or dictionaries for these for every fuzzer, have the driver do this.

As a follow-up, we should have the driver keep track of binder objects which are returned inside of the reply Parcel and also fuzz these objects as well as send them back into the service.

Bug: 224646709
Test: vibrator example fuzzer instantly hits code inside of the vibrator service when fuzzing.
Change-Id: Idf1970439b87a01b44df1904605858c98a49e81a