[GWP-ASan] Enable recoverable GWP-ASan for apps.

Currently, GWP-ASan is opt-in, and requires an app to set
`gwpAsanMode=always` in the manifest. If `gwpAsanMode` is unspecified,
or `gwpAsanMode=default`, then no GWP-ASan is enabled.

Let's flip that to the new recoverable mode, which catches
heap-use-after-free and heap-buffer-overflow using sampled page
allocations (as per normal GWP-ASan), but now doesn't crash the app when
it's detected.

Also, provide a kill switch that we can use if we discover problems in
the field, which can be pushed if necessary with go/android-exp.

Bug: N/A
Test: Build a device with this enabled, use some debugging apps that
trigger a use-after-free to test the mode is working as intended.

Change-Id: I03b1478c148b9f9cfaeaa16ed273f107b55f9057