Add update packages permission

This subset of INSTALL_PACKAGES allows a privileged application to
install updates to existing applications but not install new
applications.

When combined with INSTALL_SELF_UPDATES this allows privileged apps to
be granted finely scoped install privileges based on their intended
usage instead of the more broad INSTALL_PACKAGES permission.

Test: WIP
Bug: 68731532
Change-Id: Ifbb6f5a18d9e8ff06270fd79ed031b99242c6fa3