FUL fallback is no longer account login - fix b/7280196

When Face Unlock failed the maximum number of times (3), it was asking
for account login when it should have been asking for the backup lock
that the user chose when setting up Face Unlock.

This change splits the isBiometricUnlockEnabled() function into two.
One of them strictly checks whether it exists and is selected.  The
other one checks whether too many attempts have occurred.  When
deciding which backup to choose, the decision is now based only on
whether Face Unlock is enabled.  Checking whether too many attempts
had occurred caused the bug because the check indicated it had already
'fallen back' to pattern, and the backup for pattern was being
selected instead of the backup for biometric unlock.

Change-Id: I6b9cf2c5155e8c14933cbfc8f5d58ebc007e53cb