Goal is to ensure that unreviewed and untrusted code isn't sent through
CQ to try bots, by accident or through malicious intent.

The following is the difference in CQ behavior after this CL lands:
1. CQ will start aborting CQ dry run triggered by contributors on
somebody's else change.
2. CQ full run will abort immediately if there are unsubmitted
dependencies.
3. CQ dry run by a non-change-owner will abort if there are unapproved
(w/o CR+2) dependencies.

R=geofflang@chromium.org,jmadill@chromium.org
BUG=692618,692613
NOTRY=True

Change-Id: I433998def4b97e2bad90da5980bf3f2b40a2e6f9
Reviewed-on: https://chromium-review.googlesource.com/443070
Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
Reviewed-by: Jamie Madill <jmadill@chromium.org>