ControlLoc: Physical-World Hijacking Attack on Camera-based Perception in Autonomous Driving