7/n: Move Fingerprint/Face AuthenticationClients to their own file

Makes the AuthenticationClient subclasses completely modular, helping
us move to a more flexible/extendable biometric system server. This
change starts to separate modality-specific details of each
AuthenticationClient subclass (e.g. framework lockout tracking for
fingerprint, authentication stats for face). Further separation of
modality-specific details depend upon further cleanup and will be done
in a separate CL.

Bug: 157790417
Test: lockout on fingerprint/face devices and various combinations
      of auth/reject
Test: Keyguard, BiometricPromptDemo auth

Change-Id: I39ba0653f9c4a1449592fcb47c05d5c670aaf8c2