Allow a VPN to be declared bypassable.

A VPN declared bypassable allows apps to use the new multinetwork APIs to
send/receive traffic directly over the underlying network, whereas without it,
traffic from those apps would be forced to go via the VPN.

Apps still need the right permissions to access the underlying network. For
example, if the underlying network is "untrusted", only apps with
CHANGE_NETWORK_STATE (or such permission) can actually use it directly.

New API with stub implementation to be filled out later.

Bug: 15347374
Change-Id: I8794715e024e08380a43f7a090613c5897611c5b