Device Owner, a special kind of device admin

A Device Owner cannot be uninstalled and is available to all users. It must
be registered before the device_provisioned flag is set.

Device admins can be disabled until used, but visible to device policy
manager, so that users wont be bothered with update requests.

Opened up a few related APIs for use by a system-installed Device Owner.

Change-Id: I847b5fe68c0f724863f778a67602b5bddc79d8e5