Replace smack rule storage with straight-from-db rule loader 14/189014/38
author Konrad Lipinski <k.lipinski2@partner.samsung.com>
Fri, 14 Sep 2018 12:14:17 +0000 (14:14 +0200)
committer Konrad Lipinski <k.lipinski2@partner.samsung.com>
Wed, 10 Oct 2018 13:53:59 +0000 (15:53 +0200)
commit 75293c9c70f3f04c86721039bedfd6e0bf0786a8
tree 0df3266bd2eb1ee79895deeab61ccb06ecc03c61
parent 4e5b938c96cf8a76606417c4ae2bfadb0b6e7fbe
Replace smack rule storage with straight-from-db rule loader

Details:
* remove %{TZ_SYS_VAR}/security-manager/rules{,-merged} directories
* add security-manager-rules-loader that
** performs database migration/recovery
** writes smack rules from a coherent database directly to load2
* add generate-rule-code generator that translates rule templates
  (*.smack files) into c++ code for use in the loader
* remove security-manager-init-db binary and replace its invocation with
  sh$ security-manager-rules-loader no-load
* replace dd invocation with security-manager-rules-loader in the rule
  loader service
* add explicit dependency to ensure the loader runs before the manager
* refactor manager code
** remove the majority of database migration/recovery code on grounds of
   loader having run beforehand
** replace defensive remnants of said code with an emergency invocation
   sh$ security-manager-rules-loader fallback-only
   to apply fallback on database schema errors
** remove rule file maintenance (not needed anymore)

TODO:
* *.smack template files are still used by the manager at runtime,
  removing them is optional and would require a substantial refactor
  best placed in a separate commit

Pros:
* optimize flash usage (rule files were prone to quadratic explosion)
* solve database-rulefiles coherence problem
* make the rule loader performance more scalable and typically better
* simplify and speed up the manager a bit by dropping rule file code

Change-Id: I7d79d5ec7e66c9dfe6563dbb3f76bf6ab6669589
37 files changed:
CMakeLists.txt
packaging/security-manager.spec
policy/CMakeLists.txt
policy/generate-rule-code [new file with mode: 0755]
policy/updates/update-policy-to-v7.sh [new file with mode: 0755]
src/client/client-security-manager.cpp
src/common/CMakeLists.txt
src/common/config.cpp
src/common/filesystem.cpp
src/common/include/config.h
src/common/include/filesystem.h
src/common/include/privilege_db.h
src/common/include/service_impl.h
src/common/include/smack-rules.h
src/common/include/utils.h
src/common/privilege_db.cpp
src/common/service_impl.cpp
src/common/smack-rules.cpp
src/dpl/db/include/dpl/db/sql_connection.h
src/server/CMakeLists.txt
src/server/cleanup/security-manager-cleanup.cpp
src/server/init-db/security-manager-init-db.cpp [deleted file]
src/server/main/server-main.cpp
src/server/rules-loader/security-manager-rules-loader.cpp [new file with mode: 0644]
src/server/service/base-service.cpp
src/server/service/include/base-service.h
src/server/service/include/service.h
src/server/service/service.cpp
systemd/security-manager-rules-loader.service.in
test/data/.security-manager-test-rules.db [new file with mode: 0644]
test/data/.security-manager-test-rules.txt [new file with mode: 0644]
test/privilege_db_fixture.cpp
test/privilege_db_fixture.h
test/test_privilege_db_migration.cpp
test/test_privilege_db_privilege.cpp
test/test_privilege_db_transactions.cpp
test/test_smack-rules.cpp