Allow setting password restrictions from a managed profile.

A managed profile will now share password settings with its parent.

- the current password is always stored in the parent
- admins of profiles are notified if that password changes
- checks for password quality now take the requirements of admins on
   the parent and its profiles into account

Todo:

- Currently KeyguardSecurityContainer wipes the whole device when
  the maximum fails has been reached on any profile.
  We need to limit the wipe to the profile for which the fails exceeded
  the maximum number.
- Intents with ACTION_SET_NEW_PASSWORD need to be forwarded to the parent
  of the profile when sent from a managed profile

Change-Id: I8532c59f753f8d9c61200f553f275214ad90276e