netutils_wrapper: Add policy for denials

netutils_wrapper domain processes are not allowed to load any dynamic
kernel modules. Mute this denial to avoid log spam. Fix the following
denial -

type=1400 audit(1525971068.480:656): avc: denied { sys_module }
for pid=10136 comm="tc" capability=16 scontext=u:r:netutils_wrapper:s0
tcontext=u:r:netutils_wrapper:s0 tclass=capability permissive=0

Change-Id: Id2bb4336096b0cf3e56c81054d733f432b60da3f
Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org>