Add tests for certs with negative modulus

Some existing apps are signed with certificates that use a negative
RSA modulus, which is invalid (an RSA modulus must be positive).
BoringSSL previously tolerated this case, but the parsing was
tightened up and now any attempt to parse such a certificate will
fail.  The on-device signature validation code doesn't rely on parsing
the certificate with BoringSSL to validate signatures, so it's still
able to do so despite the change.  We want to ensure that continues in
the future, so add tests that confirm that APKs signed with a
certificate containing a negative modulus can be installed.

Test: cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest
Bug: 80514547
Change-Id: I6cf6322b250493fc3441471973f5125f1816655a
4 files changed