Keystore 2.0 SPI: KeyStoreCryptoOperationUtils

Keystore 2.0 does no longer report an error code if an operation
requires user authorization. Instead this is indicated by sending us
an operation challenge. In that case we have to check if the
authorization can possibly succeed. We changed the utility class by
adding a predicate function that checks exactly that, and we handle
other errors separately instead of having one exception handling path
that does all.

Test: None
Bug: 159476414
Change-Id: I9a373cf8f0a0b181df54c26fe314d71b6835bb97