Initial pass at denylist filtering.

As part of an upcoming feature, we're anticipating the need to match
arbitrary byte sequences, such as Bluetooth UUIDs or MAC addresses,
and this change begins staging a "denylist" that can be updated
via DeviceConfig.

This change is a no-op due to being guarded by a feature flag;
future changes will add nuance that inspects the actual state of
the destination app to decide if filtering should be applied.

Bug: 181812624
Test: atest BluetoothTests:android.bluetooth.le
Test: atest FrameworksCoreTests:android.os.BytesMatcherTest
Change-Id: I4b60892775c7333086d42a7db28acb8ec09da245