Kill off callback reference as soon as credential is verified

During lockscreen verification, the caller-supplied callback is
strongly-referenced by a binder object passed into system server.
As a result the callback (which can be a heavyweight object like
the activity implementing the callback) cannot be garbage-collected
until the binder object is GC'ed at the system server side, which
the caller have no control over. Mitigate this by cutting the link
between the callback and the binder object as soon as the callback
is invoked.

This helps fixing the issue that we still see password shards
in Settinng's heap, even after credentail verification has long
been completed.

Bug: 144537463
Test: manual
Change-Id: I4dce3237c5e831b2077d5e9bc6f53d2c36064f78