Fix partition verification

Switch from a denylist to an allowlist for the selinux labels of disk
partitions. Fix the code to match against type rather than the full
label. Extend the list of exempted partitions. Add a unit test (and
delete the redundant placeholder test). Simplify SeContext since we no
longer need to construct one from a string, add the ability to extract
the type.

Along the way, I improved error reporting to give the full context for
errors (otherwise the interesting bits get omitted).

Bug: 237054515
Test: atest MicrodroidHostTestCases ComposHostTestCases
Test: test virtualizationservice_device_test
Change-Id: Ia3993a9b783b1f31bc5312af40dd5a17bf4ebfb0
diff --git a/virtualizationservice/src/payload.rs b/virtualizationservice/src/payload.rs
index 42c51a1..7807cd6 100644
--- a/virtualizationservice/src/payload.rs
+++ b/virtualizationservice/src/payload.rs
@@ -201,7 +201,7 @@
 }
 
 /// Creates a DiskImage with partitions:
-///   metadata: metadata
+///   payload-metadata: metadata
 ///   microdroid-apex-0: apex 0
 ///   microdroid-apex-1: apex 1
 ///   ..