Pass metadata as AttributionSourceSource.

These two PermissionManager methods are using AttributionSource as
metadata only, and aren't interested in the remote caller enforcing
that the claimed UID matches the caller, since they're not actually
being used for permission enforcement.

Thus we pass the metadata using the AttributionSourceState holder
object and reconstruct on the remote side, entirely avoiding the
enforceCallingUid() check.

Bug: 193842956
Test: atest CtsPermission5TestCases
Change-Id: I576b6feb8cc2b0586b4341268866d8027689293f