Initial file-based encryption public APIs.

Define two explicit directories where device-encrypted and
credential-encrypted data will be stored.  Third-party apps only
need access to the device-encrypted directory, so that's the only
API exposed for now.

General cleanup in how ApplicationInfo details are derived.

Bug: 22358539
Change-Id: If0a0108721a4aa1c3052b4912e08604bbf24e1ae