Fix privapp permission allowlisting.

The refactoring in S unintendedly introduced a change that allowed
signature|privileged to be granted to platform-signed privileged apps
without being in the allowlist XML, so we should revert to the old
behavior.

The refactoring was done in the hope that we can have one step that
handles privileged permission granting. However upon retrospection, we
have to do this in two separate steps because the privapp permission
allowlist should always be enforced first.

This change reverts to the old behavior by looking at both the current
code and the R source code, then extracts the privapp permission
enforcement as a separate step that happens first, to be used by both
signature and the new internal permission protection.

Also simplified the check about privileged permission, because vendor
privileged permission is always a privileged permission, as made sure
in PermissionInfo.fixProtectionLevel().

In the mean time, added the missing privapp permission allowlist entry
for Settings and RESTART_WIFI_SUBSYSTEM for device to boot.

Fixes: 179309876
Test: manual
Change-Id: I93cfe7a4621fc5ac65229d42c7a8ebd825ae8ae5