Verify cross-uid activity embedding

By default activities cannot be embedded by non-privileged
processes. Apps can either declare their activities to be available
for untrusted embedding, or limit it to certain trusted hosts.

This CL verifies that an application cannot embed activities that
didn't opt in, and verifies that in untrusted mode the host cannot
request SurfaceControl transactions or position the embedded
container outside of the task bounds.

Bug: 197364677
Test: ActivityEmbeddingCrossUidTests, TaskFragmentOrganizerTest
Change-Id: Ief54c9acae1a9a4152af710f67e7810afdcff9ba