Add role as a new permission protection flag.

Permissions with the role protection flag will be able to be managed
by role via grant/revokeRuntimePermission(), similar to development
permissions but only manageable by role.

Also fixed a bug that PermissionController can get any signature
permission.

Bug: 158736025
Test: presubmit
Change-Id: I49603cee91466a791be66055a922ba1a8bd08d4e