Restorecon /microdroid_resources in setup_selinux

The main reason for running restorecon of /microdroid_resources during
the setup_selinux stage is to avoid granting init some weird permissions
like `allow init tmpfs:file relabelfrom;`.

Instead we add such permissions to kernel domain in which setup_selinux
runs. This feels better since kernel domain already has similar
permissions like `allow kernel rootfs:file relabelfrom;`.

Bug: 287593065
Test: run microdroid vm with vendor partition
Change-Id: I82ef5499392e90f53655f7582e887d0b6cb3a5f0