Provide a way to disable socket() and DNS lookups in libnetd_client.

This is a Client-only solution.
  - Add to NetdClient a per-process std::atomic_boolean
    similar to netIdForProcess and netIdForResolv.
  - The boolean says whether the process should be
    allowed Internet connectivity.
  - Add an @hide method to NetUtils.java to set the boolean;
    call it from the initialization code of the new
    process just after forking from zygote.
  - Make netdClientSocket and dnsOpenProxy check the
    boolean. If the boolean is false, return EPERM from
    socket calls.

Bug: 150028556
Test: atest netd_integration_test
Test: atest CtsAppSecurityHostTestCases:UseProcessTest
Change-Id: Ic697afd284ba250e56bd9492241452762da15770