Consider using `@RestrictedApi` annotation instead of run-time security checks

[alexander-yevsyukov]

Currently we check that certain parts of the API can be called only by the allowed classes or subpackages.

ErrorProne provides built-in support for such a protection.

Arguably, it's about the same level of protection because it's built-in into the code.