Fix bug #1873249i: Apps can DoS/brick device

This is the problem where various things are listening for broadcasts
(such as battery status, PIN/PUK/Network) that an application can send
to cause harm to the system.

Solving this is tricky because many of these broadcasts are sticky,
and I have never figured out how to do permissions with sticky
broadcasts in a sane way.  So instead, I am going to punt on the
general problem and just brute force it:

There is new a way for system components to declare specific
broadcast actions to be protected, which means that only the system
and the phone can send them.  This is good enough for now.  None
of it is exposed in the public API so we can make something a little
less stupid in the future if we ever need to.