Clean up a11y bindInstantService and package check

Two orthogonal changes:
1. Making bindInstantService property internal to UserState and
putting a permission check on the setter.

Having the setter in SecurityPolicy didn't make sense to me
since the field was public anyway.

I'm removing the permission check on the getter for the system,
since the field is checked anyway in getInstalledA11yServices.
So it seems like it's possible to determine the value of this
value without the permission. It also just doesn't seem like
reading this value has any security implications.

I'm doing this as part of pulling SecurityPolicy out of AMS. It
felt silly to have a permission check that was only enforced
if the caller went out of its way to have it enforced.

2. Making list of valid packages independent of the caller.

Bug: 110715236
Fixes: 118701258
Test: A11y CTS
Change-Id: I43ad0b3f3e30eae1c2a3582db672217d957919df