Patch URI vulnerability in contact photo editing

Don't allow reading of "file://" URIs that don't point to "/storage" during the
photo saving flow.

This is to prevent malicious apps from asking us to read our own private
files which we copy into a temporary "content://" URI that we give to a
cropping app (with permission to read).

Fixing here patches both and

Manual with the fake gallery app. Confirmed that selecting an "image"
with a URI of our own shared_pref file fails without reading it.

Bug: 113597344
Change-Id: Iabb4f8139cedb7d7b865d69a4b95a4997f64c71d
(cherry picked from commit ccfd94b965c1e9c2e0b239c12137c239c602070d)
2 files changed