Don't trip up when deleting strict iptables rules.

Currently, when applying a cleartext policy to a UID,
StrictController will attempt to delete all possible policies
that might previously have applied to this UID. Because only
two of these rules can exist at any given time, at least one
of these deletes is guaranteed to fail, causing the whole
operation to fail.

Instead of adding a log or reject rule for every UID, add a
rule that sends that UID to its own chain which then contains
the log or reject rule. That way, deleting the previous policy
only requires deleting the chain, which is something we know
exists.

Bug: 64988066
Test: netd_{unit,integration}_test pass
Test: android.os.cts.StrictModeTest passes
Change-Id: Ic9d66220a65f2ce9510c4194e7b874d3d5dca5d7