Check permissions for unattended installer

This PR introduces the class ApkVerifier which checks the permissions of the downloaded apk file against the expected permissions from the F-Droid listing (Apk class).

• I removed AndroidXMLDecompress because everything which it has been used for can also be done with PackageManager.getPackageArchiveInfo(), to the best of my knowledge. I even asked in at a similar project why PackageManager.getPackageArchiveInfo()may not be enough: https://github.com/jaredrummler/APKParser/issues/3 It turns out in our case it should do everything we need.
• The code responsible for sanitizing the local apk file and making it world readable has also been moved into ApkVerifier for now. This can change in a later PR when I introduce the FileProvider for downloaded apks.

We still need to check the target sdk version (see TODO in ApkVerifier). This depends on https://gitlab.com/fdroid/fdroidclient/merge_requests/323