Add "bootCertificateChainSignature" to Drm plugin getPropertyByteArray()

This allows Widevine RKP HAL to query BCC signature via DRM interface
during BCC extraction for remote provisioning phase 3. The query returns
the "additional_signature" field from
OEMCrypto_GetBootCertificateChain().

Test: Manual BCC extraction on Pixel 9
Bug: 355160637
Change-Id: I1a310a80c0cfef82ee3697f06c1293d5c1c3896a

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -903,6 +903,26 @@ CdmResponseType CdmEngine::QueryStatus(RequestedSecurityLevel security_level,
     LOGE("Failed to extract BCC: status = %d", status.ToInt());
     return status;
   }
+  if (query_token == QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN_SIGNATURE) {
+    std::string bcc_unused;
+    std::string signature;
+    const CdmResponseType status = crypto_session->GetBootCertificateChain(
+        security_level, &bcc_unused, &signature);
+    if (status == NO_ERROR) {
+      LOGV("BCC signature length: %zu", signature.size());
+      *query_response = std::move(signature);
+      return CdmResponseType(NO_ERROR);
+    }
+    if (status == NOT_IMPLEMENTED_ERROR ||
+        status == PROVISIONING_TYPE_IS_NOT_BOOT_CERTIFICATE_CHAIN_ERROR) {
+      LOGD("BCC signature not available: %s", status.ToString().c_str());
+      *query_response = QUERY_VALUE_NONE;
+      return CdmResponseType(NO_ERROR);
+    }
+    LOGE("Failed to extract BCC signature: status = %s",
+         status.ToString().c_str());
+    return status;
+  }
   if (query_token == QUERY_KEY_DEVICE_INFORMATION) {
     std::string device_info;
     const CdmResponseType status =