[AAPM] Disallow Install Unknown Sources Hook

Implement an AdvancedProtectionHook class for disallowing install unknown
sources via DevicePolicyManager restriction
DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY.

To do the above, this change introduces two hidden APIs in
DevicePolicyManager that allow setting global restrictions for system
components. They mimic the existing hidden APIs for setting local
restricitons for system components.

Bug: 369361373
Test: manually tested the restriction is set even after reboot
Test: atest AdvancedProtectionManagerTest
Test: atest AdvancedProtectionServiceTest
Test: atest DisallowInstallUnknownSourcesTest
Flag: android.security.aapm_feature_disable_install_unknown_sources
Change-Id: I80722ee489a79a316cd54f171a180b609effd80f