Expose carrier privilege rules certificates as @TestApi.

With the updated CTS UICC spec added this year, some SIM-dependent CTS
tests will need to do runtime inspection of the certificates available
to determine which SIM the test is running with. This information may be
used to e.g. selectively enable tests only for newer SIMs if they
require the updated hardware.

Test: make
Test: atest CtsCarrierApiTestCases
Bug: 178419755
Change-Id: I34fa7392d58585e9559fef886671c759ed2d66b4
Merged-In: I942d4c0c7c786d7c8b561e5e65773367cefffb31
(cherry picked from commit 5bf8a843)