Fix #3864: Debug-sign locally deployed AABs

[BenHenning]

Explanation

Fix #3864

I noticed this while working on #3866. When trying to deploy the dev version of the app to certain versions of Android, the installation will fail since the AAB we generate isn't signed. Fortunately, bundletool makes it easy by passing it a keystore & credentials during the installation step (presumably so that it can zipalign & sign the generated APK before installing it on the device). For consistency with android_binary targets, we use Bazel's packaged debug keystore through Starlark.

Automated testing isn't really worth it here since this is a developer-only utility that can easily be mitigated or fixed if it were to break in the future. It can be manually verified by running bazel //:install_oppia_dev locally on develop vs. this branch when deploying to an Android 11+ emulator or device (I haven't tested it on earlier versions except 8.1 where it isn't an issue).

Essential Checklist

• The PR title and explanation each start with "Fix #bugnum: " (If this PR fixes part of an issue, prefix the title with "Fix part of #bugnum: ...".)
• Any changes to scripts/assets files have their rationale included in the PR explanation.
• The PR follows the style guide.
• The PR does not contain any unnecessary code changes from Android Studio (reference).
• The PR is made from a branch that's not called "develop" and is up-to-date with "develop".
• The PR is assigned to the appropriate reviewers (reference).

For UI-specific PRs only

N/A

[anandwana001]

I will review this later today.

[anandwana001]

Working for me. LGTM

[oppiabot]

Hi @BenHenning, this PR is ready to be merged. Please address any remaining comments prior to merging, and feel free to merge this PR once the CI checks pass and you're happy with it. Thanks!

[BenHenning]

Thanks @anandwana001! Merging this.