Always call tieProfileLockIfNecessary() under mSpManager lock
tieProfileLockIfNecessary() runs under the mSpManager lock when a user's LSKF is changed, but not when it's executed by onUserUnlocking(). In the latter case, a race is possible where tieProfileLockToParent() tries to generate an auth-bound key for a parent user whose LSKF has just been removed by a concurrent thread. This fails and throws an exception, crashing system_server.

Fix this by ensuring that the mSpManager lock is always held during tieProfileLockIfNecessary().

Bug: 355905501
Flag: android.app.admin.flags.fix_race_condition_in_tie_profile_lock
Test: atest FrameworksServicesTests:com.android.server.locksettings
Test: atest CtsDevicePolicyTestCases # 6 test cases failed both before and after
Change-Id: I5f8c1bcc206460c1480ce58c846e32d91898c4ce
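
The interleaving described in the commit message, as an added example that is not code from the commit or from the Android source: a simplified Java model in which `spLock` stands in for the mSpManager lock and two latches force the LSKF removal to land between the check and the key generation. Every name other than tieProfileLockIfNecessary is an assumption, and the user id is constructed.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

// Simplified model; names other than tieProfileLockIfNecessary and mSpManager are hypothetical.
public class TieProfileLockRace {
    static final int PARENT = 0;                         // constructed user id
    private final Object spLock = new Object();          // stands in for the mSpManager lock
    private final Set<Integer> usersWithLskf = new HashSet<>(Set.of(PARENT));
    private final CountDownLatch checked = new CountDownLatch(1);
    private final CountDownLatch removed = new CountDownLatch(1);

    // LSKF change path: takes the lock, as it already did before the fix.
    void removeLskf() throws InterruptedException {
        checked.await();                                 // force the worst-case interleaving
        synchronized (spLock) { usersWithLskf.remove(PARENT); }
        removed.countDown();
    }

    // Check-then-act: see that the parent has an LSKF, then create a key bound to it.
    String tieProfileLockIfNecessary() throws InterruptedException {
        if (!usersWithLskf.contains(PARENT)) return "skipped: parent has no LSKF";
        checked.countDown();
        removed.await(200, TimeUnit.MILLISECONDS);       // window for a concurrent removal
        if (!usersWithLskf.contains(PARENT))
            throw new IllegalStateException("auth-bound key generation failed");
        return "tied";
    }

    static String run(boolean holdLock) throws InterruptedException {
        TieProfileLockRace m = new TieProfileLockRace();
        Thread remover = new Thread(() -> {
            try { m.removeLskf(); } catch (InterruptedException ignored) { }
        });
        remover.start();
        try {
            if (!holdLock) return m.tieProfileLockIfNecessary();
            synchronized (m.spLock) { return m.tieProfileLockIfNecessary(); }
        } catch (IllegalStateException e) {
            return "exception: " + e.getMessage();       // the real service crashes here
        } finally { remover.join(); }
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unlock path without the lock: " + run(false));
        System.out.println("unlock path holding the lock: " + run(true));
    }
}
```

With the lock held, the remover thread blocks until the check and the key generation have both finished, so the removal can no longer fall between them.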