Permit CAP_SYS_NICE for virtualmachine groups

Grant CAP_SYS_NICE to CapInh/CapPrm/CapBnd for processes that can spawn
VMs.  This enables processes to execve on binaries with elevated
capabilities if its file capability bits are set. This does not grant
capability to the parent process(that spawns the VM) as the effective
bits are not set.

This allows for VMs to be able to tune for better performance.

Bug: 322197421
Test: Booted device and processes and checked that the correct
capabilities are given.

Change-Id: I9ba974495383494d24a564c66249c78176eebca9
Merged-In: I9ba974495383494d24a564c66249c78176eebca9
Merged-In: I8cc08506fa6af831fdc607246df11e06fead9f1c
Signed-off-by: David Dai <davidai@google.com>