Add Cross-UID ActivityEmbedding trust model APIs

By default activity embedding should be restricted, and apps have to
opt in explicitly to allow other hosts to embed them. An app can
declare a list of known trusted embedding host certificates in
AndroidManifest for individual activities or entire application.
Alternatively, an app can allow embedding by all hosts in untrusted
mode. In this case interactions and operations that the client host
can perform on the embedded container will be limited to prevent
tapjacking and overlay attacks.

Bug: 197364677
Test: ActivityEmbeddingCrossUidTests
Change-Id: I78c303237fdc77bdf55bd74580ac0b19c8de622b