Setup proper sandbox policy for pdf compositor service

Pdf compositor service is a utility service that uses skia to render
and generate pdf document. Thus it needs to access local font system.
On Linux, it needs 'uname' to get user agent. So, on Windows and Mac,
it resembles ppapi process in term of sandbox policy. On Linux, it is
closer to utility process's sandbox requirements. To make its
requirements clear, we create a new service sandbox type for it, and
apply appropriate policy on different platforms.

TBR=jam@chromium.org
BUG=455764

Change-Id: I7c7aeb40e5e0b09fe29887532c06d2abc04969d6
Reviewed-on: https://chromium-review.googlesource.com/695781
Commit-Queue: Wei Li <weili@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506514}
13 files changed