netmgrd: Allow access to xtables lock

xtables lock is in system partition while netmgrd will migrate to
vendor partition. Once final treble changes are merged,
netutils wrappers would need to used to avoid this failure and
this policy will need to be reverted.

Fix the following denial -

[   27.822113] type=1400 audit(3800.679:62): avc: denied { lock } for
pid=1668 comm="iptables" path="/system/etc/xtables.lock" dev="sda6"
ino=1875 scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_file:s0
tclass=file permissive=0

CRs-Fixed: 2043643
Change-Id: I2860b8cad2411681fa9920657ef3e8d127fa2fd2