Fix evaluation order of (Cfi|Memtag) exclude paths.

Before this change, exclude paths disabled sanitization of targets that
would otherwise be enabled by SanitizeDevice product variable (aka
SANITIZE_TARGET).

With this change, in addition to the above logic, exclude path disables
sanitization of targets that would otherwise be enabled by the
corresponding include path.

Effectively, this change disables sanitization of targets that are
covered by *both* include and exclude paths.

Test: build/soong/cc/cc_test.go
Bug: b/184976817
Change-Id: I96f1e2a808d88b352b92b7490fa1df5c010314c3