
Commit 7ffeb395 authored by Nikita Ioffe

dumpstate: explicitly specify capabilities

If a service doesn't specify any capabilities in its definition in the
.rc file, then it will inherit all the capabilities from the init.
Although whether a process can use capabilities is actually controlled
by selinux (so inheriting all the init capabilities is not actually a
security vulnerability), it's better for defense-in-depth and just
bookkeeping to explicitly specify the capabilities that dumpstate needs.

The list of capabilities that dumpstate is allowed to use was obtained via:
```
$ adb pull /sys/fs/selinux/policy /tmp/selinux.policy
$ sesearch --allow -s dumpstate -c capability,capability2 /tmp/selinux.policy
allow dumpstate dumpstate:capability { chown dac_override dac_read_search fowner fsetid kill net_admin net_raw setgid setuid sys_ptrace sys_resource };
allow dumpstate dumpstate:capability2 { block_suspend syslog };
```

Note: dumpstate can transfer in several other domains, but all of them
don't need any capabilities:
```
$ sesearch --allow -s vdc -c capability,capability2 /tmp/selinux.policy
$ sesearch --allow -s perfetto -c capability,capability2 /tmp/selinux.policy
$ sesearch --allow -s derive_sdk -c capability,capability2 /tmp/selinux.policy
```

Bug: 249796710
Test: atest BugreportManagerTestCases
Test: presubmit
Change-Id: I6f03675b60d69063c3d944b370f4a8d325cfa7f9
parent dc44a31e
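The commit message derives the `capabilities` line by hand from two `sesearch` rules. The following script is an added example, not part of this commit or of the dumpstate project: it parses sesearch `allow` output for the `capability` and `capability2` classes, renders the union as an init .rc `capabilities` line, and diffs that against what a service actually declares in its .rc snippet, so that a reviewer can confirm the .rc list neither omits a capability SELinux allows nor carries one SELinux would deny anyway. The sesearch text and the .rc snippet are constructed from the lines quoted on this page (bugreportd is deliberately left without a `capabilities` line to show the pre-change state); the function names are mine.

```python
import re

# Constructed sample: the two sesearch rules quoted in the commit message above.
SESEARCH_OUTPUT = """\
allow dumpstate dumpstate:capability { chown dac_override dac_read_search fowner fsetid kill net_admin net_raw setgid setuid sys_ptrace sys_resource };
allow dumpstate dumpstate:capability2 { block_suspend syslog };
"""

# Constructed sample .rc snippet: dumpstate with the new line, bugreportd still without it.
RC_SNIPPET = """\
service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot
    capabilities CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL NET_ADMIN NET_RAW SETGID SETUID SYS_PTRACE SYS_RESOURCE BLOCK_SUSPEND SYSLOG

service bugreportd /system/bin/dumpstate -w
    class main
    disabled
    oneshot
"""

# sesearch prints a brace-enclosed set for several permissions and a bare word for one.
ALLOW_RE = re.compile(
    r"^allow\s+(?P<src>\S+)\s+(?P<tgt>\S+):(?P<cls>capability2?)\s+"
    r"(?:\{\s*(?P<perms>[^}]*)\}|(?P<single>\S+))\s*;$"
)


def policy_capabilities(sesearch_text, domain):
    """Capabilities (lowercase) that SELinux lets `domain` use on itself,
    merging the capability and capability2 classes into one set."""
    caps = set()
    for line in sesearch_text.splitlines():
        m = ALLOW_RE.match(line.strip())
        if not m or m.group("src") != domain or m.group("tgt") != domain:
            continue
        if m.group("perms") is None:
            caps.add(m.group("single"))
        else:
            caps.update(m.group("perms").split())
    return caps


def rc_capabilities(rc_text, service):
    """Capabilities (lowercased) on the `capabilities` line of `service`.
    Returns an empty set when the service declares none, which in init means
    'inherit everything from init', the situation this commit removes."""
    in_service = False
    for raw in rc_text.splitlines():
        line = raw.strip()
        if line.startswith("service "):
            in_service = line.split()[1] == service
        elif line.startswith("on "):  # a trigger section ends any service block
            in_service = False
        elif in_service and line.startswith("capabilities"):
            return {c.lower() for c in line.split()[1:]}
    return set()


def init_capabilities_line(caps):
    """Render a capability set as an init .rc line: uppercase, no CAP_ prefix,
    sorted on the lowercase SELinux name so the output is stable."""
    return "capabilities " + " ".join(c.upper() for c in sorted(caps))


def compare(policy_caps, rc_caps):
    """(missing, extra): caps the policy allows but the .rc omits (the service
    will lack them at runtime) and caps the .rc grants that SELinux would deny
    anyway (dead weight that should be dropped from the .rc)."""
    return sorted(policy_caps - rc_caps), sorted(rc_caps - policy_caps)


if __name__ == "__main__":
    allowed = policy_capabilities(SESEARCH_OUTPUT, "dumpstate")
    print(init_capabilities_line(allowed))
    for svc in ("dumpstate", "bugreportd"):
        missing, extra = compare(allowed, rc_capabilities(RC_SNIPPET, svc))
        print(f"{svc}: missing={missing} extra={extra}")
```

Run against a real device, the sesearch text would come from the `adb pull` / `sesearch` commands in the commit message and the .rc text from the service's `.rc` file; a non-empty `extra` list is the interesting finding, since it shows a capability that was granted in init but that policy never let the process use.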
+3 −0
@@ -8,6 +8,7 @@ service dumpstate /system/bin/dumpstate -s
    socket dumpstate stream 0660 shell log
    disabled
    oneshot
    capabilities CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL NET_ADMIN NET_RAW SETGID SETUID SYS_PTRACE SYS_RESOURCE BLOCK_SUSPEND SYSLOG

# dumpstatez generates a zipped bugreport but also uses a socket to print the file location once
# it is finished.
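Review bot: the `capabilities` line added after `oneshot` in the dumpstate service carries the full 14-entry list inline, and the same list has to be repeated verbatim in every service that execs /system/bin/dumpstate, so a future policy change that adds or removes a capability must be applied in three places by hand. Consider a comment above this service pointing at the `sesearch --allow -s dumpstate -c capability,capability2` query from the commit message, so the next maintainer regenerates the list the same way instead of editing one copy. That comment is also the right place to record that init applies this list to the process and to everything it execs, which is why the commit message had to check that the vdc, perfetto and derive_sdk domains need no capabilities.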
@@ -16,9 +17,11 @@ service dumpstatez /system/bin/dumpstate -S
    class main
    disabled
    oneshot
    capabilities CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL NET_ADMIN NET_RAW SETGID SETUID SYS_PTRACE SYS_RESOURCE BLOCK_SUSPEND SYSLOG

# bugreportd starts dumpstate binder service and makes it wait for a listener to connect.
service bugreportd /system/bin/dumpstate -w
    class main
    disabled
    oneshot
    capabilities CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL NET_ADMIN NET_RAW SETGID SETUID SYS_PTRACE SYS_RESOURCE BLOCK_SUSPEND SYSLOG
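Review bot: dumpstatez (`dumpstate -S`) and bugreportd (`dumpstate -w`) get exactly the same list as `dumpstate -s`. That is consistent with how the list was derived, since the sesearch query in the commit message is keyed on the `dumpstate` SELinux domain rather than on the command-line mode, but it means each service is granted the union across all three modes rather than a per-service minimum. If the modes are known to differ (for example only one of them needing BLOCK_SUSPEND or SYS_PTRACE), say so in a comment; otherwise a one-line comment such as "keep in sync with the dumpstate and dumpstatez services above" on this service keeps the three copies from drifting.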