RESTRICT AUTOMERGE: Trust session id only if started with ACTION_CONFIRM_INSTALL

InstallStart was reading sessionInfo whenever the starting intent had
the extra EXTRA_SESSION_ID. This could happen even if an external app
inserted a valid session id into its own REQUEST_INSTALL_PACKAGE intent.
This allows apps to potentially spoof the calling package.

Test: Existing tests pass:
atest GtsPackageInstallTestCases GtsNoPermissionTestCases \
GtsNoPermissionTestCases25

Bug: 112031362
Change-Id: Icdab1deeaf6b0afe7a61709cd87305336c467e33
(cherry picked from commit 10b0b0dc)