[Rootcanal] Spoof SCO packets on offload path

If we are using SCO-over-HCI, no behavioral change. Otherwise, when a
SCO connection is up, we will send garbage data to the other side. This
is needed for PTS tests, and exercises the same code paths in the stack
as would be the case on real devices (since the datapath goes via the
modem, DSP, and then controller, skipping the AP entirely).

Tracking bug b/238708237 for a more realistic audio path using the
modem_simulator.

Bug: 245578454
Test: atest pts-bot
Ignore-AOSP-First: Cherry-picked from AOSP
Merged-In: Idd4457437a2aadc9743884908cd3413da1aefb40
Change-Id: Idd4457437a2aadc9743884908cd3413da1aefb40