On strongAuthChanges, update fp & face states

Previously, we relied on other state to update which
would trigger updateBiometricListeningState. Instead
of relying on other triggers, directly update
the biometric listening state if strong auth
or non-strong auth allowed states change.

Don't run face auth or detect if device is locked down by the
user. However, if bypass is enabled and the other strongauth
requirements are triggered (ie: idle timeout, timeout, encrypted,
dpm lockdown, after boot), then run detectFace if its supported.

Fixes: 259908246
Fixes: 258513069
Fixes: 260682144
Test: atest KeyguardUpdateMonitorTest
Change-Id: If03a1525832dfb8366c36757ebc84c0dead51b9f
Merged-In: If03a1525832dfb8366c36757ebc84c0dead51b9f