Enforce nanoapp permissions for ContextHub APIs

Adds the following behavior:
1) Ensures nanoapp messages aren't delivered to host apps unless they
hold the required permissions
2) Ensures that host apps continue to hold the required permissions set

Also pipes the package name for callback clients since their package
name can't be determined on the other side of the binder.

Bug: 166846988
Test: Disable permissions on host client and verify that nanoapp and
host lose communication after ~1 minute
Test: Re-enable permissions on host client and verify host receives
appropriate callback

Change-Id: I14af504f0b230f6ce15852f16fc8b174fdd52252