Restrict {AM,WM}.closeSystemDialogs()

As part of locking down Intent.ACTION_CLOSE_SYSTEM_DIALOGS, we need to
protect AM.closeSystemDialogs() too (which ends up calling the broadcast
under the system UID). We should also protect WM.closeSystemDialogs(),
which is slightly different in that it asks windows/views to close
themselves, for the same reasons that we protected the intent and for
consistency too. Check go/close-system-dialogs for details on the
general effort.

To achieve this we move the logic from AM to WM, since we can't call out
from WM to AM. Part of the logic was already in WM (the trampoline
case), so I mostly moved code from AMS to wm.ATMS. The part I had to
wire from AM was the sourceUid of the instrumentation, but that fit
nicely since we had to pipe similar information before for BAL too.

Bug: 159105552
Test: atest CtsAppTestCases:android.app.cts.CloseSystemDialogsTest
Change-Id: Ib720fdb2a0a044bf4d05471b32a9b99d3684ae2d