Block crash_dump from no_crash_dump_domain

These domains already can't transition to crash_dump, but also need to
make sure crash_dump can't be run and pointed at them.

Bug: 218494522
Test: Builds
Change-Id: I76f88faf8ff4c88e85eaf6a8db546dc644a71928

microdroid/system/private/crash_dump.te

@@ -57,6 +57,7 @@ allow crash_dump {
   -init
   -kernel
   -logd
+  -no_crash_dump_domain
   -ueventd
   -vendor_init
 }:process { ptrace signal sigchld sigstop sigkill };
@@ -67,3 +68,5 @@ userdebug_or_eng(`
     logd
   }:process { ptrace signal sigchld sigstop sigkill };
 ')
+
+neverallow crash_dump no_crash_dump_domain:process ptrace;