Grant Device IDs access to Profile Owner

In order to allow inclusion of device identifiers in the key attestation
record generated by the profile owner, the platform needs an explicit
signal that it is OK for the profile owner to access those identifiers.

Add a system-privileged method to the DevicePolicyManager that allows
system applications, as well as Managed Provisioning to indicate that the
profile owner may access those identifiers.

In the DevicePolicyManagerService the following has changed:
* The OwnerInfo now contains a flag indicating whether the profile owner
  was granted access to the device identifiers or not.
* The permission check for use of the Device ID Attestation flags in
  generateKeyPair has been adjusted to allow profile owner (or its
  delegate) to use them, if device identifiers access has been granted.
* A couple of utility methods have been added to ease checking of
  profile owner presence for a user and whether the profile owner can
  access device identifiers.

Additionally, a new adb command has been added to give this grant to an
existing profile owner for testing purposes.

Bug: 111335970
Test: Manual, using TestDPC + ADB command.
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: Additional CTS tests, see cts change in the same topic.

Change-Id: I05f2323d5edacd774cd3ce082ee9c551100f4afd