Permit CAP_SYS_NICE for virtualmachine groups

Grant CAP_SYS_NICE to CapInh/CapPrm/CapBnd for processes that can spawn
VMs.  This enables processes to execve on binaries with elevated
capabilities if its file capability bits are set. This does not grant
capability to the parent process(that spawns the VM) as the effective
bits are not set.

This allows for VMs to be able to tune for better performance.

Bug: 322197421
Test: Booted device and processes and checked that the correct
capabilities are given.

Change-Id: I9ba974495383494d24a564c66249c78176eebca9
Signed-off-by: David Dai <davidai@google.com>