Sandbox PdfRenderer in a Service with android:isolatedProcess
The Android documentation for PdfRenderer states:
If the file is from an untrusted source it is recommended to run the renderer in a separate, isolated process with minimal permissions to limit the impact of security exploits. Note: The constructor should be instantiated on the ERROR(/android.annotation.WorkerThread) as it can be long-running while loading the document.
While the scope of an exploit in a PDF file would be very limited (Catima has camera permission, and on old Android versions storage access, but no Internet permission), it would still be nice to improve the security whenever possible.
See #1795
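One possible shape for the sandboxed renderer named in the title, added here as an illustration and not taken from Catima's code. The class name `PdfRenderService`, the message codes and the bundle keys `"pdf"` and `"bitmap"` are hypothetical; the caller is assumed to open the file itself and pass only a `ParcelFileDescriptor` over a `Messenger`.

```java
// Added illustration; class, message and key names are hypothetical, not Catima's code.
// Manifest entry (an isolated process has no permissions of its own):
//   <service android:name=".PdfRenderService"
//            android:isolatedProcess="true"
//            android:exported="false" />
import android.app.Service;
import android.content.Intent;
import android.graphics.Bitmap;
import android.graphics.Color;
import android.graphics.pdf.PdfRenderer;
import android.os.*;

public class PdfRenderService extends Service {
    static final int MSG_RENDER = 1, MSG_RESULT = 2, MSG_FAILED = 3; // hypothetical protocol
    private HandlerThread worker;
    private Messenger messenger;

    @Override public void onCreate() {
        // Loading the document can be long-running, so it happens on a worker thread.
        worker = new HandlerThread("pdf-render");
        worker.start();
        messenger = new Messenger(new Handler(worker.getLooper(), this::handle));
    }

    @Override public IBinder onBind(Intent intent) { return messenger.getBinder(); }
    @Override public void onDestroy() { worker.quitSafely(); }

    private boolean handle(Message msg) {
        if (msg.what != MSG_RENDER || msg.replyTo == null) return false;
        Message reply = Message.obtain(null, MSG_FAILED);
        Bundle in = msg.getData();
        // The caller opens the file; this process only ever sees the descriptor.
        try (ParcelFileDescriptor pfd = in.getParcelable("pdf");
             PdfRenderer renderer = new PdfRenderer(pfd);
             PdfRenderer.Page page = renderer.openPage(0)) {
            Bitmap bmp = Bitmap.createBitmap(page.getWidth(), page.getHeight(),
                    Bitmap.Config.ARGB_8888);
            bmp.eraseColor(Color.WHITE); // PDF pages may have a transparent background
            page.render(bmp, null, null, PdfRenderer.Page.RENDER_MODE_FOR_DISPLAY);
            Bundle out = new Bundle();
            out.putParcelable("bitmap", bmp);
            reply.what = MSG_RESULT;
            reply.setData(out);
        } catch (Exception e) {
            // Malformed or hostile input: the reply stays MSG_FAILED.
        }
        try { msg.replyTo.send(reply); } catch (RemoteException ignored) { }
        return true;
    }
}
```

The app binds with `bindService()` and treats a `MSG_FAILED` reply or a dropped connection (the isolated process crashing) as "PDF could not be rendered" rather than as a fatal error.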