Avoid calling self through public APIs.

We'd like to enforce that all incoming Binder calls have valid
AttributionSource UID information, but this uncovered trouble in
cases where the Bluetooth stack was calling back into itself.

We could solve this with Binder.clearCallingIdentity(), but making
that widespread change risks data leakage.  Instead, this change
replaces all places where ProfileService calls BluetoothAdapter
with direct calls to the internal AdapterService.

We also pivot to obtaining all BluetoothDevice instances using
the getAnonymousDevice() method which removes any AttributionSource
to ensure they can't be accidentally used locally; these instances
are always returned back to remote callers where the relevant source
is populated by Attributable.setAttributionSource().

Bug: 188391719
Test: atest BluetoothInstrumentationTests
Change-Id: Idb55693557c0c6ab689d9e37f3e2e9ab4587da12