Make printing framework encryption-aware.

Only create UserState objects when a user has been unlocked, meaning
we can connect to the spooler.  Ignore package events that occur
while a user is locked, since we'll kick off updateIfNeededLocked()
when that user is eventually unlocked.

In all other cases, throw if someone tries obtaining UserState for
a still-locked user.  This should help catch any edge cases in the
system, and communicate clearly through public APIs that printing
isn't available until the user is unlocked.

Bug: 26246836
Change-Id: If15744621890baee206d355484fe20933afc65d8