Narrower StrictMode defaults.

Until now, userdebug and eng builds have tracked StrictMode
violations on all system apps, including prebuilts that we have no
control over, which results in a lot of unactionable noise.

This CL narrows the set of enabled apps to only "bundled" system
apps, which gives us a much higher chance of burning these violations
down to 0 and keeping them there.  We don't have a good proxy for an
app being "bundled", so we detect it based on being in the "android."
or "com.android." package namespace.

Clean up the entire flow of applying StrictMode defaults to make it
much more human-readable.  This resulted in us fixing a bug where
StrictMode was never actually enabled for jank-sensitive threads in
system_server!

Relax I/O checks in a few places where we know we're interacting with
procfs or sysfs.  Add internal "allow" methods that avoid object
allocation by returning raw mask.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.cts.StrictModeTest
Bug: 68662870
Change-Id: I536e8934fbcdec14915fcb10995fc9704ea98b29