Uri permission grants improvements, tests, fixes.
The primary work in this CL is fixing two subtle security bugs that have recently been reported in how checkGrantUriPermission() handles advanced grant features like "persistable" and "prefix". In general, these advanced features should only be available when the underlying provider has enabled permission grants. The only narrow case where we should allow granting without provider consent is for simple "read" or "write" grants when crossing user boundaries.

To verify these fixes, this change adds thorough unit testing of the core granting functionality. This helped uncover a few subtle bugs in how prefix grants were being issued, and in how persistable grants were being released.

To support mocking in tests, shift all AM/PM calls to using Internal interfaces, and initialize using best-practice onBootPhase(). This also means we no longer have to handle RemoteExceptions.

Shift NeededUriGrants to using an ArraySet to avoid duplication of grant data structures.

Define TEST_MAPPING to ensure future changes are tested.

Bug: 140729426, 138791358
Test: atest FrameworksServicesTests:com.android.server.uri
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.AppSecurityTests#testPermissionDiffCert
Change-Id: I8dac08280981c3cd15071226319efe9ebd8b4db5
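
The grant rule stated in the message above, as a simplified model added here (not code from this CL or from the framework). The flag values are those of the public android.content.Intent FLAG_GRANT_* constants; the class, the mayIssueGrant() helper and its parameters are hypothetical, and the model covers only the provider-consent rule.

```java
/** Simplified model of the grant rule in the commit message; not framework code. */
public class UriGrantPolicyModel {
    // Values of the public android.content.Intent FLAG_GRANT_* constants.
    static final int READ = 0x1;         // FLAG_GRANT_READ_URI_PERMISSION
    static final int WRITE = 0x2;        // FLAG_GRANT_WRITE_URI_PERMISSION
    static final int PERSISTABLE = 0x40; // FLAG_GRANT_PERSISTABLE_URI_PERMISSION
    static final int PREFIX = 0x80;      // FLAG_GRANT_PREFIX_URI_PERMISSION

    /**
     * Hypothetical helper. providerAllowsGrants: the provider has enabled
     * permission grants. crossesUsers: source and target are different users.
     */
    static boolean mayIssueGrant(int modeFlags, boolean providerAllowsGrants,
            boolean crossesUsers) {
        if (providerAllowsGrants) {
            return true; // provider consented: advanced flags are available
        }
        // "Simple" means nothing beyond READ/WRITE is set. Masking out the two
        // permitted bits rejects PERSISTABLE, PREFIX and any unknown bit.
        boolean simple = (modeFlags & ~(READ | WRITE)) == 0;
        // Without provider consent only the narrow cross-user case remains.
        return crossesUsers && simple;
    }

    static void check(String name, int flags, boolean provider, boolean crossUser,
            boolean expected) {
        boolean got = mayIssueGrant(flags, provider, crossUser);
        if (got != expected) {
            throw new AssertionError(name + ": expected " + expected + ", got " + got);
        }
        System.out.println((got ? "ALLOW " : "DENY  ") + name);
    }

    public static void main(String[] args) {
        // Constructed cases, one per branch of the rule.
        check("provider on, read|persistable|prefix",
                READ | PERSISTABLE | PREFIX, true, false, true);
        check("provider off, same user, read", READ, false, false, false);
        check("provider off, cross user, read", READ, false, true, true);
        check("provider off, cross user, read|write", READ | WRITE, false, true, true);
        check("provider off, cross user, read|persistable",
                READ | PERSISTABLE, false, true, false);
        check("provider off, cross user, write|prefix",
                WRITE | PREFIX, false, true, false);
    }
}
```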