Properly fix revokePermissionsNoLongerImplicitLocked() for shared UIDs.

This is actually a follow up to ag/13938162 that will properly fix the
shared UID handling.

If there are multiple packages in the same shared UID, the target SDK
version of the UID should be the lowest target SDK version of those
packages. This is also confirmed by existing code in
PermissionManagerService and PackageManagerService.

However, the current implicit permission revocation is only reading
from the implicit permissions of the particular package, which is
determined during package parsing according to the target SDK version
of that package. So if a permission in one package in the shared UID
is becoming explicit, it breaks the other package if it still relies
on the permission being implicitly. And in reality, it's hard to make
sure the other package has been updated to handle this situation.

So in order to properly fix this, we need to collect all the implicit
permissions in this shared UID and pass that to the revocation
logic. This does mean we will be doing exactly the same thing again
when we are handling other packages' permission state, but that won't
be a big issue, whereas the alternative is to refactor the code to
handle permission state by UID which is way too risky for T or
backports. In the proposed new permission subsystem, we will indeed
handle permissions by UID though.

Bug: 201263297
Test: presubmit
Change-Id: I8315dc27b703d819e8970134d5cf17b0edbc22dc
Merged-In: I8315dc27b703d819e8970134d5cf17b0edbc22dc