Don't offer crypto ops for public keys of trusted cert entries.

Android Keystore cannot offer crypto operations for public keys of
trusted certificate entries (entries without a private key). Prior to
this CL it accidentally tried to do so, causing crypto operations on
these keys to fail.

The fix is for Android Keystore to offer crypto operations only for
public keys for which there is a corresponding private key in the
keystore. Crypto operations on public keys from trusted certificate
entries will be handled by other installed crypto providers. Those
providers don't need a private key to carry out these operations on
public keys.

Bug: 22091725
Bug: 21835320
Change-Id: Ib7d92b067711e4c57128d0db72c08bf288a45ce1