On strongAuthChanges, update fp & face states

Previously, we relied on other state to update which
would trigger updateBiometricListeningState. Instead
of relying on other triggers, directly update
the biometric listening state if strong auth
or non-strong auth allowed states change.

Don't run face auth or detect if device is locked down by the
user. However, if bypass is enabled and the other strongauth
requirements are triggered (ie: idle timeout, timeout, encrypted,
dpm lockdown, after boot), then run detectFace if its supported.

Bug: 259908246
Bug: 258513069
Bug: 260682144
Test: atest KeyguardUpdateMonitorTest
Change-Id: If03a1525832dfb8366c36757ebc84c0dead51b9f