During validation, handle 403 as ACCESS_DENIED

* This is more correct than handling as a provisioning error, and
  will allow Exchange 2007 servers to deny access by device type
* Also, never return an empty array in unsupported policy list;
  this leads to garbage text being presented to the user

Bug: 5533200
Change-Id: I23e6aa70970404ac986fd4a40ef4bf41cf410155
1 file changed