Disallow external storage access without restricting other api calls

Currently, sandbox cannot call any apis from StorageManager that checks
calling package has same uid as calling uid. This CL fixes that by using
pm.isSameApp() api.

Additionally, since Environment.java fetches the initial application
context, the uid for that does not fall under the sandbox uid range. It
falls under app uid range. We fix the problem by checking for
PROPERTY_NO_APP_DATA_STORAGE flag on the application.

Bug: 228424287
Test: atest CtsSdkSandboxInprocessTests (see ag/17657742)
Change-Id: I8d9fca369cfbed47b40a42a44a40ff73acb712ec