Allow external_storage or media_rw gid access /mnt/media_rw

PublicVolumes are mounted on /mnt/media_rw/<volume>. Two categories of
apps need access to the mounts. Fortunately, they need access in
mutually exclusive scenarios.

1. The FUSE daemon needs access when serving content from app requests on
/storage/<volume>.

2. File managers (MANAGE_EXTERNAL_STORAGE permission) need access to
ureliable (USB OTG) volumes that are only available on the
/mnt/media_rw paths, i.e, they are not bind mounted into /storage
for apps.

Additionally, we want to ensure that file managers cannot access
/mnt/media_rw when there's a stacked FUSE volume on it. To do this,
we selectively change the mount gid of the /mnt/media_rw/<volume>
path:
-media_rw if it's a reliable volume, ie there's a stacked FUSE volume
-external_storage if it's an unreliable volume.

This ensures that file managers with their external_storage gid can
access unreliable volumes from /mnt/media_rw and cannot interfere with
the FUSE daemon when it's a reliable volume.

Test: adb shell sm set-force-adoptable [on|off] to set reliable or
unreliable volumes && mounting public volumes shows the correct
ACL on /mnt/media_rw/<volume>
Bug: 144914977

Change-Id: Iecf1a422d39e5137105b5a4946704858ce902a8a