Check the public-key signature of the whole certificate file before
accepting the certificates

This change requires an additional param to the initRecoveryService()
API to take in the public-key signature.

Bug: 73904566
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner

Change-Id: I2aeead1fda51b6cd8df71ed3b5066342ebc8d5ea
8 files changed