Add new system service which enforces SLS allowlist.

The new service will intercept all activity starts in communal mode and
enforce that the activity is allowed by ensuring the user has enabled
the package and the activity has showWhenLocked=true.

Test: locally on device
Test: atest FrameworksMockingServicesTests:CommunalManagerServiceTest
Bug: 191994709
Bug: 191996331
Bug: 200324021
Change-Id: I1892881481cf055bd4938d4cf0b624027ec2be3e