Use bpf maps to store permission information

In newer kernels, we can use cgroup socket filter to control inet socket
creation at run time instead of paranoid network kernel check. To
achieve that, we need to get the permission information from system
server when device boots or new packages are installed. This patch
provides a binder interface to do that and stores the information in a
bpf map. It also records the uids that have permission
UPDATE_DEVICE_STATS so netd no longer needs to query that from the
system server.

Bug: 111560570
Bug: 111560739
Test: netd_unit_test, netd_integration_test

Change-Id: I0c5919d85136feec44c4406ee0bd0028b131b942