Don't use backup restricted mode in certain cases

In this change we introduce a new ApplicationManifest property which
allows apps to specify whether they want to be put in restricted mode
for B&R operations. If the app explicitly set the property, it's always
respected.

If the app has not set the property then we use targetSdk gating:
* For targetSdk < 36, we keep the status quo and put the app into
  restricted mode.
* For targetSdk >= 36, we call a new API to the BackupTransport for it
  to make a decision on a per-package basis.

Some implementation details explained:
* In order to not block process creation in ActivityManager on an IPC to
  the BackupTransport, we call the transport earlier in
  PerformFullTransportBackupTask (for backup) and
  PerforUnifiedRestoreTask (for restore). We cache the list in memory in
  BackupManagerService.
* When AMS#bindBackupAgent is called, the BackupManagerService tells it
  whether to use restricted mode. AMS stores this in the existing
  BackupRecord data class and uses it in attachApplication().
* PerformUnifiedRestoreTask is an extremely untestable state machine and
  testing this properly is difficult without a significant rewrite so
  I'm using @VisibleForTesting.
* Seems like AMS#attachApplication also requires a lot of mocking so
  couldn't add tests there.

Flag: com.android.server.backup.enable_restricted_mode_changes
Bug: 376661510
Test: atest (see tests changed) and manually with a test app that
  defined its own Application subclass.

API-Coverage-Bug: 379086316
Change-Id: Ie060890131ba526d58ec9134e52fd80acc23ef63