Delegate mkdirs() to vold when lacking perms.

Apps without sdcard_r or sdcard_rw are still able to write to
their package-specific directory, but someone needs to first make
that directory on their behalf.  This change will delegate the
mkdirs() call through to vold when an app fails to create directly.

MountService validates that the path belongs to the calling user, and
that it's actually on external storage, before passing to vold.

Update Environment to make app-vs-vold paths clearer.

Bug: 10577808
Change-Id: I43b4a77fd6d2b9af2a0d899790da8d9d89386776