Add fsverity release cert

The release cert helps verifying CTS in a release build.

Bug: 153112812
Test: build, reboot, see a new key in /proc/keys
Change-Id: I6d8f4af6b1b0c023b668e81b7a1c71c7583d93d9
Merged-In: I6d8f4af6b1b0c023b668e81b7a1c71c7583d93d9

target/product/base_system.mk

@@ -86,6 +86,7 @@ PRODUCT_PACKAGES += \
     framework-res \
     framework-sysconfig.xml \
     fsck_msdos \
+    fsverity-release-cert-der \
     fs_config_files_system \
     fs_config_dirs_system \
     group_system \

target/product/security/Android.bp

@@ -3,3 +3,11 @@ android_app_certificate {
     name: "aosp-testkey",
     certificate: "testkey",
 }
+
+// Google-owned certificate for CTS testing, since we can't trust arbitrary keys on release devices.
+prebuilt_etc {
+    name: "fsverity-release-cert-der",
+    src: "fsverity-release.x509.der",
+    sub_dir: "security/fsverity",
+    filename_from_src: true,
+}