Clear caller indetitiy and use controller op package after security checks.

The SubscriptionController is calling into local managers from its
context. Hence, we have to clear the IPC binder identity and then
use the app ops package name for the controller when calling into
other APIs. This avoid two situations: first, the subscription
controller calls into other APIs with the caller identity but the
controller op package name; second, the controller calls into
other APIs with its own identity but the ap op package of the
caller. This avoid crashes when we have nested APIs each of which
performs its own app op checks. Fun.

Change-Id: I0bd02d9ab1bea4de6bd96584a514cdc6406193af