Don't allow sdk sandbox processes to register/unregister CPs

We are going to limit how sdk sandbox processes can interact with
content providers. This change adds blanket deny rule for the things
that we definitely don't want sdk sandbox to do (e.g. register content
providers).

Accessing CPs is a little bit more nuanced, since we at least should
give sdk sandboxes an option to access CPs defined in the WebView.
Effort to add additional restrictions on getContentProvider method for
sdk sandbox processes is tracked in b/226318628, in this change we
simply log the warning saying that access will be removed.

Bug: 217538253
Bug: 226318628
Test: presubmit
Change-Id: I766fff8288bb60acec9e9bf6dee14edfc99b30fb