Require rollback permission to use rollback install reason

The platform provides a mechanism to rollback an app to the previously
installed version, but if the APK signing key was rotated on the newer
version the ROLLBACK capability must be set for the previous signing
key to allow the rollback to proceed. However setting the ROLLBACK
capability on a previous signing key negates one of the primary reasons
of rotating as it allows a subsequent app update to proceed with an APK
signed with this previous signing key. Since only platform signed or
priv-apps should have the permission to perform a rollback this commit
will enforce that the rollback install reason is guarded by this
permission. In a future commit the rollback install reason will be used
to allow a rollback of an app even if it's signed with a previous key in
the lineage.

Bug: 175231724
Test: atest NoRollbackPermissionTest
Test: adb shell pm rollback-app <TEST_APP>
Change-Id: I8e1beaba2c22a4b25ada34a2c4b52cde47c780a0