Implement DISALLOW_GRANT_ADMIN restriction in UserManager APIs

Implement access restriction based on "DISALLOW_GRANT_ADMIN" restriction for preventing the use of setUserAdmin and revokeUserAdmin functions.
This change is particularly important for child unicorn users who have this restriction in place. It guarantees that they are never elevated to admin privileges or grant admin access to others.

Also implemented the same restriction in the createUser flow to restrict the child users having DISALLOW_GRANT_ADMIN restrictions in place to create new ADMIN users.

Bug: 357636075
Test: UserMangerTest -c
Flag: android.multiuser.unicorn_mode_refactoring_for_hsum_read_only

Change-Id: I69bd4bf34c8c3a21947637d3246c5b9e280d5833