Skip announcing restricted interfaces only to sandboxed clients

There are a few issues with the current approach: first of all, it is not as secure as we thought it was originally. The desktop files can be changed or overriden by the user, which negates all the benefits.

The second issue is that it contributes some overhead caused by kwin going through all applications trying to find the matching service when launching a new application.

In general, a better approach to restrict privileged interfaces is to use the security context protocol. It's simpler and more secure than the current approach.