Only crop photos owned by Settings.

A recent security change locks down the ability for the system UID to
issue Uri permission grants.  This helps mitigate an entire class of
confused deputy security issues.

However, Settings (which runs as the system UID) was still relying on
issuing Uri permission grants to the photo cropper.  The simplest way
to keep that working is to add the "com.android.settings.files"
authority to a whitelist, and only request cropping of Uris from that
location.

This means that if the GET_CONTENT decides to return a Uri (instead
of streaming it into mTakePictureUri), then we need to copy it
ourselves locally before we can send it along to the cropper.

Test: builds, boots, both take/choose photos work
Bug: 33019296, 35158271
Change-Id: I2541c33e8d9452357cb9fc2e021ca74d5a43d5ff