Make SensorPrivacyManager and SensorPrivacyService concurrent multi user

aware

In Automotive's Multi Display configuration, multiple Android users -
the current user (driver) and visible background users (passengers) can
interact with the device concurrently therefore may be accessing the
sensor privacy API surface concurrently. Existing code that assumes the
calling user is the current user will cause visible background users
(passengers) to be able to toggle the current user (driver)'s sensor
privacy.

Fixes include:
- Set sensor privacy for the context user instead of always assuming the
  current user.
- Enforce valid calling users by disallowing visible background users to
  toggle sensor privacy based on Automotive's product decision to only
  allow the driver to toggle sensor privacy.
- Check valid calling user before setting sensor privacy in
  onUserRestrictionsChanged because DISALLOW_MICROPHONE_TOGGLE and
  DISALLOW_CAMERA_TOGGLE are applied on visible background users in
  CarService but we don't allow setting sensor privacy on a visible
  background user.

Bug: 348510106
Flag: EXEMPT bug fix
Test: manually tested on gcar_md emulator
Test: Temporarily remove DISALLOW_MICROPHONE_TOGGLE on passengers to make
microphone toggle available on a passenger and toggling it will fail

Change-Id: Iede71fa6cd6ac2962916479b8c5751cd75e6f4e6