Initial impl issue #143085640: Per-process network access control
Add new manifest tags for declaring processes that an app will use. While declaring these processes, one can specify specific permissions that will be denied to that process. Doing so will prevent any gids associated with that permission from being given to that process, and any permission checks that include a pid (which is not all of them) will fail when checking a permission for that process.

For now, we limit these declarations to only the internet permission, since we really need to do a lot of auditing to determine how many other permissions can be denied (based on how many permission checks for it are including the pid). That said, this is explicitly not a security guarantee, so it isn't a problem if there are ways around it (the process could always IPC to another of the app's processes to do the same thing).

One thing to be done is have the parser enforce that once an app declares processes, it can only run things in those processes and no others.

At this point the code is not yet tested at all. That will be coming in later. This gets the APIs and various infrastructure in place.

Bug: 143085640
Test: not yet tested
Change-Id: I27e8d0c811a5004fe251883f243517bb00d32d67
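As an added illustration (not part of this change), here is what the per-process denial described above looks like in an app manifest. The `<processes>`, `<process>` and `<deny-permission>` element names are those of the Android API as it eventually shipped and are assumed to match this initial implementation; the process names and package are constructed for the example.

```xml
<!-- Constructed example manifest; element names assumed to match this change. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <!-- The app as a whole still holds INTERNET. -->
    <uses-permission android:name="android.permission.INTERNET" />

    <application android:label="Example">
        <!-- Once processes are declared, each one the app runs should be listed here. -->
        <processes>
            <!-- Default process: keeps every permission the app was granted. -->
            <process />

            <!-- Isolated worker process, e.g. for parsing untrusted input.
                 INTERNET is denied here: its gids are not assigned to this
                 process, and pid-aware permission checks fail for it. As the
                 change notes, this is defense in depth, not a guarantee; the
                 process can still ask another app process over IPC. -->
            <process android:process=":untrusted_worker">
                <deny-permission android:name="android.permission.INTERNET" />
            </process>
        </processes>

        <service android:name=".UntrustedParserService"
            android:process=":untrusted_worker" />
    </application>
</manifest>
```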