Add calling package verification for ATM binder calls

In some methods in ActivityTaskManagerService and AppTaskImpl we were
not validating if the callingPackage parameter that's passed in from
binder actually belongs to the calling uid. But some of our security
checks involve retrieving properties of the callingPackage, e.g.
ActivityStackSupervisor.getActionRestrictionForCallingPackage(),
and apps were able to circumvent these checks.

This CL adds checks that provided package name belongs to the calling
UID in ATM binder calls, and throws an exception if it doesn't.

Bug: 137395936
Test: Build & flash
Change-Id: I28608fd31bdbc56b758696a5e3b042c20d59c071