Fix profile lockscreen override.

KeyStore.isEmpty() needs to be called under the system UID (as it needs
KeyStore's P_ZERO permission), otherwise it'll always return false.
Achieve that by moving the requireSecureKeyguard() implementation into
the DPM service.

Also take the opportunity to clean up the code a bit.

Change-Id: Ice648f2050f22ee5f27332f23a850f1e90befb94