Fix admin policies in managed profiles

Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.

Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.

Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.

Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.

Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983