Support for a Context to "renounce" permissions.

Different logical components within an app may have no intention of
interacting with data or services that are protected by specific
permissions.

The new overload added in this change provides the initial mechanism
for a logical component to indicate a set of permissions that should
be treated as "renounced".  Interactions performed through the
returned Context will ideally be treated as if the renounced
permissions have not actually been granted to the application,
regardless of their actual grant status.

This is a low-risk change from a security standpoint, since it can
only reduce the set of permissions that might have been granted to
an app; it can never be used to expand the set of permissions.

Note that this change only provides an initial implementation which
only applies to local permission checks within the app; future
changes will begin wiring this up across process boundaries.

Bug: 181812281
Test: atest CtsContentTestCases:android.content.cts.ContextTest
Change-Id: I96439e5344c85300fb6a0f03e572746c3c96ee95