Reuses the code that the installer uses, when it broadcasts to
the relevant installer that an Apk is available for install.
This used to do the following:
* Copy file to a private directory
* Make the file world readable (so that PM can access it)
* Send a file:// URI to the installer
The file:// URI is no longer supported for reasons explained in
the support lib FileProvider class. Now a content:// URI is required,
and that must explicitly grant permission to certain packages.
The existing code here used to grant permission to
org.fdroid.fdroid.privileged, and this code now also grants it to
com.android.bluetooth. I see no security threat with exposing these
files to both applications, because the .apk files only ever:
* Were downloaded from the public internet into a (potentially public)
cache dir.
* Were sourced from an `ApplicationInfo#publicSourceDir, in which
case any app can access that anyway.
Fises #837.