Generate challenge and reset lockout only if user has enrolled biometrics

Fixes: 132723654

Test: Lockout reset still works
Change-Id: I28fcbd22cd0b89082d5183382649d9c3095dd595