AuthGraph VTS: detect additional errors

A failure to get the IAuthGraphKeyExchange/nonsecure instance might
be because it's not registered (likely on most non-Cuttlefish devices)
or it might be for some other reason, such as SELinux denial.

So detect other kinds of failure to get the service, and also change
the VTS to require root so SELinux denials don't happen.

Also tweak the expected return code when a source is given a corrupt
key; now that replay protection is implemented, the reference
implementation rejects this earlier (and with a different error)
because the session lookup fails.

Test: VtsAidlAuthGraphRoleTest
Bug: 291228560
Change-Id: I032600ac809f43a3642fa9ef9aae788d3ca2378f