API for individual attestation

Introduce a new API to request use of individual attestation
certificate for attesting keys generated by the
DevicePolicyManager.generateKeyPair method.

It builds on existing device ID attestation capabilities in two ways:
(1) Eligibility check: Assuming similar privacy requirements for the use
    of individual attestation certificates, enforce the same conditions
    for using them as the conditions for requesting device identifiers
    in the attestation record.
(2) Keymaster interaction: Passing the right Keymaster tag to the
    attestKey call, which is easily done in AttestationUtils.

Bug: 136494773
Test: CTS test to be added.
Change-Id: Idb5cee66d986a521c17e1955532d0bfae66c035d