Simplify initializeSyntheticPasswordLocked()

Originally, initializeSyntheticPasswordLocked() could be called with a
nonempty LSKF when migrating an existing user to SP.  However, now it's
only called with an empty LSKF (except from unit tests, which can use
setLockCredential() instead), as this migration support has become
obsolete and has been removed.  Therefore, simplify it by removing the
credential argument and making it assume an empty LSKF.

Also make initializeSyntheticPasswordLocked() stop explicitly clearing
the protection on the user's CE key and auth-bound Keystore keys.  This
is unnecessary, since the LSKF is known to be empty, and therefore these
protections cannot be set already.  Probably this unnecessary code was
included just for symmetry with the nonempty LSKF case.

Bug: 232452368
Change-Id: I0b9a2f8348d2a0b490cd1c637619c789f1fec582