Implement persistent enable/disable of the backup manager

Backup & restore is still enabled by default, but with the expectation that it
will be enabled during the course of the Setup Wizard or some other privileged
entity that has notified the user about the ramifications.  While disabled,
data-changed notices will still be collected, but no backup pass will be
scheduled.  When the backup manager is later enabled, any pending data-changed
notices will then be processed and the apps invoked for backup.