Delayed ASEC allocation, refine progress handling.

For restore use-case, session creation needs to complete quickly, so
delay ASEC allocation until session is opened.  When preflighting
size checks, only consider external when we have a known size for the
container.  Also relax size checks when using MODE_INHERIT_EXISTING
on external, since we don't know how much of existing app will be
copied over.

Consider session as "active" while commit is ongoing, until we're
either finished or pending user interaction.

Always publish first client needle movement away from 0.  Use 25% of
internal progress to reflect ASEC allocation.

Avoid CloseGuard messages about leaking PFDs.

Bug: 17405741, 17402982
Change-Id: I6247a1d335d26621549c701c4c4575a8d16ef8c2