[AAPM] Introduce new Service for Android Advanced Protection Mode

We add a new service and manager, behind a feature flag. This service
will be used to enroll devices into a security conscious protection
mode, and to allow clients to customise behaviour based on the state of
this mode.

Both the query API and callback are protected by a install permission.
This may be revisited as the feature evolves.

AAPM can be turned on for testing via

adb shell cmd advanced_protection set-protection-enabled true

Bug: 352420507
Test: atest AdvancedProtectionServiceTest AdvancedProtectionManagerTest
Flag: android.security.aapm_api
Change-Id: Ibf8478235b147e9f844d80d083a5e04819e1b052