OEMCrypto_ReassociateEntitledKeySession() should prevent an entitled key
session from being associated to an arbitrary entitlement session.
Validations added/updated in this CL:
1. at least one entitled key is supposed to have matching entitlement
key in the new session;
2. the key control block in the new entitlement key should remain
unchanged compared to the existing entitlement key.
Updated OPK and ref/testbed implementations.
Test: jenkins/opk_ta, jenkins/run_fake_l1_tests
Bug: 262795590
Merged from https://widevine-internal-review.googlesource.com/171192
Change-Id: I3868aa0d3c5ffb818ed83b9c49313125803939e0
5a17d8ebd9