Use precompiled sepolicy when available

NOTE: This change affects only devices which use SELinux kernel policy
split over system and vendor directories/partitions.

Prior to this change, init compiled sepolicy from *.cil files on every
boot, thus slowing boot down by about 400 ms. This change enables init
to skip the step compilation and thus avoid spending the 400 ms. The
skipping occurs only if the device's vendor partition includes an
acceptable precompiled policy file. If no acceptable policy is found,
the compilation step takes place same as before.

Because such devices support updating system and vendor partitions
independently of each other, the vendor partition's precompiled policy
is only used if it was compiled against the system partition's policy.
The exact mechanism is that both partitions include a file containing
the SHA-256 digest of the system partition's policy
(plat_sepolicy.cil) and the precompiled policy is considered usable
only if the two digests are identical.

Test: Device with monolithic policy boots up just fine
Test: Device with split policy and with matching precompiled policy
      boots up just fine and getprop ro.boottime.init.selinux returns
      a number below 100 ms. No "Compiling SELinux policy" message in
      dmesg.
Test: Device with split policy and with non-matching precompiled
      policy boots up just fine and getpropr ro.boottime.init.selinux
      returns a number above 400 ms. There is a "Compiling SELinux
      policy" message in dmesg. The non-matching policy was obtained
      by adding an allow rule to system/sepolicy, building a new
      system image using make systemimage and then flashing it onto
      the device.
Bug: 31363362
Change-Id: Ic2e81a83051689b5cd5ef1299ba6aaa1b1df1bdc