MediaSession2: Reject calls from a Controller that haven't allowed

This CL prevent session from accepting unwanted commands.

Remaining work is for controller to not sending command to prevent
unnecessary binder calls. Note that we need protection logic from the
session because an evil app may make fake binder interface and call any
API.

Bug: 72618604
Test: Run MediaComponentsTest
Change-Id: I08401e99eb03b83b3b41321dca860c10990d78c4