Repeat proxy limit callback only when exceeding high threshold again.

This approach is a bit safer, in the following scenario:

- App A starts spamming system_server
- App A exceeds the high proxy threshold, limit callback is invoked
- system_server kills App A, but GC doesn't run for a while
- App A doesn't spam system_server, but still exceeds 1000 proxies
- App A gets killed again, because the limit callback is done after
only a 1000 new proxies accumulated.

Because the GC of the original 6500 proxies is out of the app's control,
it is more correct to only kill them again once they exceed the high
threshold again.

This does increase the chance we hit the global limit, which is set at
20000 proxies. This is because the high threshold is currently set at
6500 proxies, meaning any app can hold 13000 proxies before we know for
sure a GC will clean at least half of them up. So this change should be
accompanied with a slight increase of the global limit.

Bug: 198340142
Test: N/A
Change-Id: Ifc69b02f77f98eca79afb1ad7a2f1a0f741d4509