Support disabling Weaver on unsecured users

As a temporary workaround for devices whose Weaver HAL does not work
reliably during boot, add a config option that disables the use of
Weaver to protect the synthetic password of users with no LSKF.  Make
the option take effect when creating any new SP protector.  Also make it
take effect when upgrading, by replacing the existing SP protector if
needed.  If there is an existing SP, also ensure that the CE key is
encrypted by it and that the Keystore super keys have been initialized.

Bug: 356324437
Test: atest FrameworksServicesTests:com.android.server.locksettings
Flag: EXEMPT uses config option instead
Change-Id: Ie67f0141e61bd895c92851bdd4f1352b6c7b6776
Merged-In: Ie67f0141e61bd895c92851bdd4f1352b6c7b6776
(cherry picked from commit c5ec1dad)