Allow automatic unlocking of work profile by Digital Wellbeing
At the moment, keystore key protecting the cached work profile challenge is only available when keyguard is unlocked. This is to ensure an attacker cannot turn on profile automatically from Keyguard's QuickSettings tile without knowledge of the keyguard password. This has the inadvertent side-effect of blocking digital wellbeing app from scheduling turning on profile in the background when the device is most likely to be locked.

Fix by allowing DWB to bypass the keyguard unlocked requirement when QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED is passed in. Implementation-wise, this is done by not setting the setUnlockedDeviceRequired bit on the keystore key, but enforcing the requirement in UserManagerService via a logical check which has the DWB bypass condition. Existing keys are retired by the framework assuming a new name for the encryption key.

Bug: 158069733
Test: atest QuietModeHostsideTest
Test: manual
Merged-In: I4d241a4d7f11817f5171c5b064c379ff17aeaa43
Change-Id: I4d241a4d7f11817f5171c5b064c379ff17aeaa43