init: Temporarily relax kptr_restrict for bpfloader

Temporarily lower /proc/sys/kernel/kptr_restrict to 1 during BPF
program loading. This is necessary for eBPF CO-RE programs which
require access to kernel symbol addresses to function correctly.

The init.rc script now sets kptr_restrict to 1 just before
starting the bpfloader service and restores it to 2 immediately
after the synchronous exec_start bpfloader comamnd completes.

init is single-threaded and exec_start ensures no other init
commands are processed until bpf-loading is complete.

This ensures that kernel symbol addresses are only exposed during
the brief window they are needed, for loading bpf progs.

Furthermore, access controls is still ultimately determined by
both sepolicy for reading /proc/kallsyms and the CAP_SYSLOG
capability.

Bug: 419635765
Bug: 438637519
Test: manual; ag/35064705 can sucessfully resolve kernel symbols.
Change-Id: I2659c1af19664b9e863db6dc0a24acb83c7755a7
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>