Improve checkAndGetAuthenticators

1) Device credential and biometrics results are all calculated within
   checkAndGetAuthenticators
2) DevicePolicy restrictions are now appropriately reflected across all
   use cases

Fixes issues where:
  1) When device credential and biometric are both allowed, but none
     are set up. Returns BIOMETRIC_ERROR_NO_BIOMETRICS now
  2) If DevicePolicy prohibits a biometric, we no longer update the
     strength, detected, enrolled fields, which could cause unexpected
     side-effects in the result

Bug: 148398804
Test: atest BiometricServiceTest

Change-Id: Iac561b41574f132fd92fed0f8a5b4baa74f15c01