Require unlocked user for AppSearchImpl.

Enforce that we'll only create an AppSearchImpl/IcingSearchEngine
instance for unlocked users. If we see an unknown user id, throw a
SecurityException. This is so that we don't accidentally write data to a
non-credential-encrypted storage.

Bug: 179406838
Test: atest FrameworksServicesTests
Change-Id: If5d1bf35a3f9fa514a42a1d152ac8d88f963ca1f