Make lockUser() handle resetting strong auth flags and password metrics

Currently, a user's strong auth flags are set to the default value
(usually STRONG_AUTH_REQUIRED_AFTER_BOOT) by onUserStopped() if the user
doesn't allow delayed locking, or by lockUser() if the user allows
delayed locking.  But, when a user that doesn't allow delayed locking is
stopped, by definition they are locked right away, i.e. onUserStopped()
is followed by lockUser().  Let's simplify by making lockUser() handle
the strong auth flag reset for all users.  This is an action associated
with the user being locked, not stopped per se, so this makes sense.

Do the same for the password metrics removal too.  This was actually
missing for users that allow delayed locking.

Also remove the unnecessary asynchronous processing on the handler
thread.  requireStrongAuth() itself is already asynchronous.

Bug: 319142556
Flag: android.security.reset_auth_flags_and_metrics_in_lock_user
Test: atest FrameworksServicesTests:com.android.server.locksettings
Change-Id: I01b3da11ddcb7d067c0edd63df82adbf20978dcc