Add mutex to CdmEngine for use of cert_provisioning_.

[ Merge of http://go/wvgerrit/167618 ]
[ PoC http://ag/21922303 ]

Bug: 258188673
Test: sts-tradefed run sts-dynamic-develop -m StsHostTestCases \
    -t android.security.sts.Bug_258188673
Test: GtsMediaTestCases
Change-Id: If71a0e7a81f376cf28688a590b6cb9dcea699545

libwvdrmengine/cdm/core/include/cdm_engine.h

@@ -442,6 +442,8 @@ class CdmEngine {
   CdmSessionMap session_map_;
   CdmReleaseKeySetMap release_key_sets_;
   std::unique_ptr<CertificateProvisioning> cert_provisioning_;
+  // Lock must be acquired before using |cert_provisioning_|.
+  std::mutex cert_provisioning_mutex_;
   wvutil::FileSystem* file_system_;
   wvutil::Clock clock_;
   std::string spoid_;

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -65,7 +65,6 @@ class UsagePropertySet : public CdmClientPropertySet {
 CdmEngine::CdmEngine(wvutil::FileSystem* file_system,
                      std::shared_ptr<metrics::EngineMetrics> metrics)
     : metrics_(metrics),
-      cert_provisioning_(),
       file_system_(file_system),
       spoid_(EMPTY_SPOID),
       usage_session_(),
@@ -1084,6 +1083,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
   }
 
   // TODO(b/141705730): Remove usage entries on provisioning.
+  std::unique_lock<std::mutex> cert_lock(cert_provisioning_mutex_);
   if (!cert_provisioning_) {
     cert_provisioning_.reset(
         new CertificateProvisioning(metrics_->GetCryptoMetrics()));
@@ -1113,6 +1113,7 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
     std::string* wrapped_key) {
   LOGI("response_size = %zu, security_level = %s", response.size(),
        RequestedSecurityLevelToString(requested_security_level));
+  std::unique_lock<std::mutex> cert_lock(cert_provisioning_mutex_);
   if (response.empty()) {
     LOGE("Empty provisioning response");
     cert_provisioning_.reset();