Surface "neverForLocation" through public API.

Since developers can declare the "neverForLocation" flag in their
manifest as public API, we should also offer a way to inspect the
value that we parsed from the manifest.  We do this by surfacing it
through the existing PackageInfo.requestedPermissionsFlags field.

This also means we can remove the PackageManagerInternal API, since
interested parties can now check PackageInfo directly.

Fix a potential security issue by only accepting flags from manifest
when the application is targeting a modern enough SDK.

Bug: 181812281
Test: atest CtsContentTestCases:PackageManagerTest
Test: atest FrameworksServicesTests:PackageParserTest
Test: atest com.android.server.pm.parsing
Change-Id: I877768c06ee15281f3334794034f4af563e74569