Throw exception from startActivity if not allowed.

The ActivityView.startActivity method may defer calling
ActivityContainer.startActivity if the ActivityView is not yet
visible. If the activity being started doesn't have allowEmbedded
attribute set to true then the SecurityException will not be
thrown until the ActivityView is visible. In such a case the caller
of ActivityView.startActivity cannot catch the SecurityException.

This fix checks the attribute at the time ActivityView.startActivity
is called.

Fixes bug 14317210.

Change-Id: I7fff23e39b67a9a0aa1b2e555920d02ae38906d9