Skip firewall rules for stopped users

Adding rules to mUidOwnerMap for UIDs in stopped users takes up some
of the limited space available in that map, which can cause it to run
out of room and prevent some apps from accessing the network when an
allowlist is involved, or improperly allow them to access the network
in the case of a denylist. Skip this for users or profiles that are
not even running. Re-calculate all rules when a user or profile starts
or stops.

Test: Run `adb shell dumpsys connectivity trafficcontroller | \
sed -n '/^ *mUidOwnerMap:/,/^$/{/mUidOwnerMap/b;/^$/b;p}' | wc -l`
before and after pausing/unpausing a work profile or switching users.
The number will shrink when pausing a profile or exiting another user.

Issue: calyxos#1249
Change-Id: Icb1509893b93f729e8636ad457284e1a0b91f525