Keep existing policy when calling setCleartextTrafficPermitted

When calling setCleartextTrafficPermitted, the NetworkSecurityPolicy is
replaced with a new policy, with a specific value for
cleartextTrafficPermitted. It means that any other attribute of the
policy is dropped (i.e., isCertificateTransparencyVerificationRequired).

Update setCleartextTrafficPermitted to overlay the current policy
instead of replacing it. Rename FrameworkNetworkSecurityPolicy to
OverlayNetworkSecurityPolicy to better reflect the behaviour of this
class.

Bug: 354824117
Test: presubmit
Test: atest CtsSecurityTestCases:android.security.cts.StagefrightTest
Flag: EXEMPT bugfix
Change-Id: I653f4cf78ee34b0a9b1ccaf21a8137c4a39365bb