Ensure backup doesn't reuse ack tokens nearby in time

We've seen at least one incident in the field that suggests we
used the same identifying token in back to back operations, which
breaks certain invariants in the asynchronous-completion bookkeeping.
Harden against this by making sure that we don't reuse tokens in
nearby proximity.  This is done by making the low 8 bits a sequence
count, i.e. guaranteed unique within the last 256 operations, while
keeping the upper bits random so that apps can't guess at correct
tokens.

Fix 63691912
Fix 63553575
Test: CTS backup pass to completion plus manual inspection

Change-Id: I321c3a2b3f4203836800bb72db7332bd82e54aaf