neverallow /data/anr access for isolated/untrusted apps

Add a neverallow rule (compile time assertion + CTS test) that
isolated_apps and untrusted_apps can't do anything else but append
to /data/anr/traces.txt. In particular, assert that they can't
read from the file, or overwrite other data which may already be
in the file.

Bug: 18340553
Bug: 27853304
Change-Id: I249fe2a46401b660efaa3f1102924a448ed750d5
2 files changed