Check IsolatedOwner permissions for known isolated_compute_apps

AICore implementation requires to query caller package-name and signing certificates as part of caller auth which is currently performed in an isolated_compute_app.
Since isolated apps cannot hold permission, this change adds logic to check for permission on the isolated owner instead.

Flag: EXEMPT bugfix
Bug: 348634518
Test: local, cts needs more setup for multi-user device, will add in followup
Change-Id: I8a8ac09f9cad7ebe9580792eead25e4b8d6aaa81