VPN profile: break up lockdown mode validation

Previously, there is one single method to test whether the current VPN
profile is a valid configuration for lockdown (always-on) VPN. In order
to provide a clearer feedback to the user regarding which part of the
profile is incompatible with the lockdown mode, we break the orginal
isValidLockdownProfile method into various parts, which can be called
individually to identify the exact reason for lockdown being disabled.

Test: manual
Bug: 29208008
Bug: 28072644
Change-Id: I1703742fe3d18d771c7f8d029cb89c2c28737c1b