Create a better implementation for permission GIDs.

The old subsystem creates "fake" permissions owned by the "android"
package that will contain the GIDs and be overridden by system apps,
however that approach is fragile because it depends a lot on the package
scan order since these "fake" permissions will be trimmed after we scan
the "android" package.

In contrast, it's a lot easier and straightforward to just look up the
GIDs upon scanning permission definitions, which will also fix the
package scanning order issue. It also helps with removing one type of
permission definition and the special cases we had to add for it.

This is a better version of the easier but behavior changing fix
ag/26216413.

This change is behind a bug-fix flag since it's still a new way of doing
things, despite that it's straightforward and there's no expected
behavior change except for fixing GID assignment for permissions
declared in APKs-in-APEX etc on first boot.

Fixes: 325137277
Bug: 322197421
Test: manually check the GIDs in dumpsys permissionmgr after clean flash
Change-Id: Ied24c45734e7c57ce8ed0d015121675bfcbae54f