LockSettingsStorage: avoid unnecessary directory syncs

When a new file is created, syncing the parent directory is needed for
the file to be guaranteed to be present after a crash.  Unfortunately,
directory syncs can be very expensive.  On f2fs, each directory sync
causes a filesystem checkpoint.  For this reason, parent directory syncs
aren't often done; AtomicFile doesn't do them.

LockSettingsService currently syncs the parent directory after every
file it writes.  This causes some significant overhead.

It's important that locksettings files be properly synced.  However,
most of these files are created at the same time and in the same
directory: the synthetic password state directory.  Specifically, this
happens when the synthetic password and the initial LSKF-based protector
is created, and also whenever another protector is added.

Reduce the overhead by batching up these updates and just syncing the
synthetic password state directory at the end of creating a protector.

Test: 16.3 ms reduction in average time for 'locksettings set-pin' on a
      low-end device.  (That was the easiest thing to test.  However,
      probably more important than that is that this change will improve
      first boot performance slightly, too.  That's when user 0's SP is
      created, and lots of other things are going on during the first
      boot, which might make fsyncs extra expensive at that time.)
Bug: 232452368
Bug: 251131631
Bug: 251147505
Change-Id: Ia0cfc6a36eb6cfb05433bc772d4fd5843d30e6df