Check caller owns admin for per-admin getters.
Currently some functions allow the caller to check policy enforced by a particular admin by passing a non-null "who" argument. This circumvents package visibility rules. There is no legitimate reason for a 3rd party app to query policies for arbitrary admins. With this change whenever "who" is not null, the code will ensure that the admin referenced by "who" is owned by the caller.

Exceptions to the above are methods that are also called by Settings to query policy for a particular admin for policy transparency. For those methods callers with system UID are allowed to query per-admin policy:
 * getMaximumFailedPasswordsForWipe
 * getMaximumTimeToLock
 * getPasswordQuality

There is no legitimate reason for a 3rd party app to query policies for arbitrary admins. Code search for getPasswordHistoryLength and getPasswordMinimum* methods doesn't return any privileged usage of these methods inside Android. getPasswordQuality is used by Settings, hence the system uid is exempt.

Bug: 204995407
Test: atest android.devicepolicy.cts.NoAdminLeakingTest
Test: atest android.devicepolicy.cts.ResetPasswordWithTokenTest
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPasswordRequirementsApi
Change-Id: I443ed1f6dcd5e5b161c99dd09a4b2aef9f8ef0a7
Merged-In: I443ed1f6dcd5e5b161c99dd09a4b2aef9f8ef0a7
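The rule described in the commit message above, as a simplified stand-alone model. This is an added example, not code from the commit or from Android: the class, method and map names are hypothetical, the admin components and UIDs are constructed, and ownership is reduced to a single UID comparison that ignores multi-user handling.

```java
import java.util.Map;
import java.util.Set;

// Simplified model of the check described in the commit message; not the real
// device policy service code. All class, field and method names are hypothetical.
public class PerAdminGetterCheck {
    static final int SYSTEM_UID = 1000; // value of android.os.Process.SYSTEM_UID

    // Constructed sample data: admin component -> UID of the package that owns it.
    static final Map<String, Integer> ADMIN_OWNER_UID = Map.of(
            "com.example.mdm/.AdminReceiver", 10123,
            "com.example.other/.AdminReceiver", 10456);

    // Getters the commit message lists as queried by Settings for policy transparency.
    static final Set<String> SYSTEM_EXEMPT = Set.of(
            "getMaximumFailedPasswordsForWipe", "getMaximumTimeToLock", "getPasswordQuality");

    /** Throws SecurityException unless the caller may read the policy of admin "who". */
    static void enforceCallerOwnsAdmin(String getter, String who, int callingUid) {
        if (who == null) {
            return; // no specific admin named, so the ownership check does not apply
        }
        if (callingUid == SYSTEM_UID && SYSTEM_EXEMPT.contains(getter)) {
            return; // system UID exemption, limited to the listed getters
        }
        Integer ownerUid = ADMIN_OWNER_UID.get(who);
        if (ownerUid == null || ownerUid != callingUid) {
            // One error path for "unknown admin" and "not the caller's admin", so the
            // check does not become a way to probe which admins exist.
            throw new SecurityException("Caller " + callingUid + " does not own admin " + who);
        }
    }

    static boolean allowed(String getter, String who, int callingUid) {
        try {
            enforceCallerOwnsAdmin(getter, who, callingUid);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String mdm = "com.example.mdm/.AdminReceiver";
        // The owner reads its own admin's policy, then another app names the same admin.
        System.out.println(allowed("getPasswordQuality", mdm, 10123));
        System.out.println(allowed("getPasswordQuality", mdm, 10456));
        // System UID on an exempt getter, then on a getter outside the exemption list.
        System.out.println(allowed("getMaximumTimeToLock", mdm, SYSTEM_UID));
        System.out.println(allowed("getPasswordHistoryLength", mdm, SYSTEM_UID));
    }
}
```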