Allow system process to call getApplicationBlockedAsUser

MDMs in the managed profile needs to be able to call
DPM.isApplicationBlocked without the INTERACT_ACROSS_USERS
permission. DevicePolicyManager checks for appropriate
PROFILE_OWNER permission and then removes callerId, so this
change is needed to prevent a spurious security exception.

Change-Id: Idd1bda6bb234f6cb7cb78a885ae2d7cc5cca4890