Implement recoverKeys

This implements all of recoverKeys, except for loading keys into the
AndroidKeyStore. Also omitting re-enrolling keys into the recoverable
store for now, as it is not clear whether the user will have a lock
screen set at this point. If they do not have a lock screen set, we
cannot re-enroll keys, as the platform-decrypt key is bound to the
lock screen. Also modifies SecureBox to throw AEADBadTagException for
any issues with the encrypted payload. IllegalArgumentException is
a runtime exception, so would be unexpected, but might occur if the
encrypted payload is for some reason garbage. Also, throw NPE if the
payload is null, as that is a programmer error - not something that
should ever occur at runtime.

Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I4f0be412c3044f3472a6aed514f1caf54b7ee41f