Extend service permission list only accessible from SystemUid.

As noted in b/185746653 - for isolated_compute_app, we do not want even the holding app for the isolated-process to be able to bind to it. This was implemented specifically for HOTWORD usecase previously and missed for few other usecases.

Similar to hotword service, we are extending the same permission check
to wearablesensingservice and ondeviceintelligence service which also
run as isolated_compute_app and require this enforcement in framework.

Change-Id: I6bbe1a48de15243ace803e08c2ab7550c3612eb1
Bug: 369871251
Flag: EXEMPT bugfix
Test: added CTS in topic