Don't allow non-authorized apps to access auth tokens

For restricted profiles, if an app tries to guess an account name and
requests an auth token, even though the framework is going to prompt
for permission, it could be authorized by someone who can't read.

If the app is not opting in to see accounts, don't let it get auth tokens
by verifying first that it's in the list of known accounts.

Bug: 8736380
Change-Id: I6caf88cfe14aa1023d55bcb28ad80ccd89eeb79b