Add and use additional VerifyCredentialResponse helper methods

Add additional methods to VerifyCredentialResponse that allow
constructing responses with various response codes and checking whether
a response has that response code.  Use these methods wherever
appropriate.  This is in preparation for removing direct checks of the
response code, which are difficult to keep track of.

Since RESPONSE_CRED_INCORRECT is a bit subtle (the credential may be
incorrect without that being the response code), don't provide a method
that checks for it specifically but rather provide a method
isCredCertainlyIncorrect() that checks for the credential being
certainly incorrect for any reason.

RESPONSE_CRED_INCORRECT was being checked for in only one place in
non-test code, and changing it to use isCredCertainlyIncorrect() makes
no difference there.  (Also, that code is flagged anyway.)  Other than
that and similar adjustments to tests that checked for
RESPONSE_CRED_INCORRECT, this CL is purely a refactor.

Bug: 423038471
Test: atest FrameworksServicesTests:com.android.server.locksettings
Flag: EXEMPT refactor
Change-Id: I9c45eb0009648497536f13922fc4bb4df7e1b5c2