Allow carrier-privileged apps to download profiles.

If an app without the privileged permission requests a profile
download, the metadata is fetched from the LPA (which now includes
UiccAccessRules[]). If that profile whitelists the calling app, we
permit the download.

We also check the carrier privileges of the current profile and
require user consent if the current app doesn't have it, to prevent a
silent switch from one carrier to a different one. This check is not
fully implemented yet - the carrier privilege check is using the
profile instead of the metadata, since the SubscriptionManager changes
to store the current profile's metadata are not yet implemented, and
the resolution flows are not yet implemented. These will be addressed
in follow-ups.

Bug: 33075886
Test: Unit tests
Change-Id: Ia3db683932945bfc668f42ebf28a586d7a5805af