Description:

Added replacements of `readList`, `readParcelable` and
`readParcelableCreator` APIs.

To avoid unexpected types of objects being unparcelled,
ideally clients would use the readTypedXXX() methods that
take the parcelable creator. However, this won’t be an option
for use cases involving deserializing children objects
inherited from non-final parcelable or serializable objects.
Currently out of ~4k parcelable classes, only ~1.5k
are marked as “final” in the platform. Hence it would be
necessary to introduce new replacements that take
an extra Class<T> parameter and before deserializing
we check that the class written on the wire is the
same or a descendant from the one provided as argument.

Doing so could enhance the security of Parcel deserialization,
More details can be found at go/safer-parcel.

Test: atest -d android.os.cts.ParcelTest
Bug: 195622897
Change-Id: Ie9a4cb4c3d6f1805b14df7b703aef43e2993d459