No direct Uri grants from system.

The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions.  Instead,
the system should always be a mediator between two specific apps, and
it should be using startActivityAsCaller() if it needs to extend
permissions.

Blocking at this level fixes an entire class of confused deputy
security issues.

There is a small exemption for the "com.android.settings.files"
authority which is used for photo cropping in the Settings app.

Test: builds, normal intent resolution UI works
Bug: 33019296, 35158271
Change-Id: I3f0de58facedab8767541291b5dfa022fa2e4414