Move DefaultPermissionGrantPolicy out of PermissionManagerService.

DefaultPermissionGrantPolicy should be migrated to role in the future,
however it requires exposing a lot of APIs, including
set*PackagesProvider() and grantPermissionsTo*(), which would soon be
deprecated once we finish migration to role. On the other hand, the
benefits of making DefaultPermissionGrantPolicy updatable is
negligible. So we should keep DefaultPermissionGrantPolicy in the
platform.

Since we are making permission updatable, and package is a different
thing from permission, we are creating a new internal service call
LegacyPermissionManagerService to host it. We need this new internal
service instead of directly exposing DefaultPermissionGrantPolicy,
because there are system APIs on the framework PermissionManager class
that needs an AIDL interface, and a small amount of the AIDL methods
there are not DefaultPermissionGrantPolicy but still should remain in
platform. For now, the AIDL methods are delegated to
LegacyPermissionManagerInternal via PermissionManagerService, but
later we will create its own AIDL for LegacyPermissionManagerService
and make the AIDL calls directly, without involving
PermissionManagerService.

So we are exposing a new LegacyPermissionManagerInternal on
LocalServices, and replacing the usages of the previous
PermissionManagerServiceInternal.

LegacyPermissionManagerInternal is also made available in
PackageManagerService to facilitate calling
DefaultPermissionGrantPolicy grantDefaultPermissions().

The system browser permission granting is moved into the browser
role's behavior, to avoid exposing it to RoleManagerService.

Bug: 158736025
Test: presubmit
Change-Id: Ic78f7775eaf0b1d7b5b940ccb03f7afc38437ef4