[BOUNTY #2851] Remote DroidGuard server guide + multi-step session support

[GautamKumarOffical]

Summary

This PR addresses the remote DroidGuard infrastructure needed for Play Integrity support. It includes:

1. Multi-step session protocol in RemoteHandleImpl for Play Integrity's multi-step DroidGuard flows
2. guardWithRequest implementation in DroidGuardServiceImpl (was marked TODO)
3. Python server script to run a DroidGuard server on an old phone via Termux
4. Setup guide documenting how to use a spare phone as a DroidGuard server

Changes

Client-side (RemoteHandleImpl)

• Added session-based protocol with begin/snapshot/close lifecycle
• Fallback to single-step mode if session creation fails (backward compatible)
• Session tracking enables multiple snapshot() calls per session, needed by pia_attest_e1

Service (DroidGuardServiceImpl)

• Implemented guardWithRequest() which creates a handle, runs the flow, and returns results via callbacks on a background thread

Server (new)

• play-services-droidguard/server/droidguard_server.py - Python HTTP server for Termux
• play-services-droidguard/REMOTE_DROIDGUARD_SETUP.md - Setup guide

How it works

The remote DroidGuard server script runs on an old Android phone with microG in embedded mode. When a client device in Network mode requests a Play Integrity token:

1. Client calls init() - server creates a session and returns a session ID
2. Client calls snapshot(data) - server runs DroidGuard locally with the data
3. Client calls close() - server cleans up the session

Testing

This requires testing on actual Android devices. To verify:

1. Install the server script on an old phone via Termux
2. Configure microG on the server phone with embedded DroidGuard
3. Start the server: python3 droidguard_server.py --port 8080
4. On the client phone, set DroidGuard mode to Remote with the server URL
5. Test with an app that uses Play Integrity

Fixes: #2851

[kaduvert]

At least passes a quick visual inspection!

if you could further elaborate how the server is actually supposed to be used, like getting DEVICE integrity is great and all, but explain please what device is expected in the end?

Does it run on stock phones? You can not put microG together with normal GMS as i understand, so please elaborate a bit
If it doesnt run on stock phones, how does it manage the staying compliant (passing) part?

Also recording a 1-2 minute demo of the complete setup (like you having your client and server phone and a integrity request is being made) would be great but the PR can of course be reviewed without.

[kaduvert]

Also explain why

Some apps may reject tokens from remote DroidGuard depending on their configuration

(cited from your setup guide)