Shift around encryption public APIs.

There are far too many Context APIs with special directory paths
to replicate device-encryption versions of them all.  Instead, add
methods to clone a Context that explicitly stores its data in either
credential- or device-encrypted storage.

Methods to test the behavior of a given Context.

Bug: 22358539
Change-Id: I6a6290a9b282605ce9a1f82742fc2c4c50536754