Document UserProperties getter permissions

The ability to call UserProperties getters require permissions, which
are set in the Constructor code. Since it's not obvious to look in the
Constructor, we should also annotate the getters with the permission
requirements.

This cl also fixes the toString() method, which previously would have
thrown an Exception if called by a non-privileged caller.

Flag: EXEMPT bugfix
Test: atest UserManagerServiceUserPropertiesTest
Change-Id: Id3c60f3160f768bf92384410a22f53fbb907a0fb