Journal backup requests so that they won't be lost in a crash

When an application requests a backup via dataChanged(), we now journal that
fact on disk.  The journal persists and is only removed following a successful
backup pass.  When the backup manager is started at boot time, it looks for any
existing journal files and schedules a backup for the apps listed in them, on
the expectation that the device shut down or crashed before a backup could be
performed.