Don't allow activites on virtual displays

.. unless the caller has ACTIVITY_EMBEDDING permission or is already
present on the display. This prevents non privileged apps from elevating
their FG state by creating a private VD and putting an activity there.
Which would keep their stack considered FG even after their activity on
the main display is no longer visible.

Test: atest CtsWindowManagerDeviceTestCases:MultiDisplaySecurityTests
Bug: 146768652
Change-Id: I1f9662c2bd14b34e00fbc8ebb926538f0329c37a