Use the creation time and when to decide whether to redact otps

When deciding whether to redact a notification with an OTP, look to see
if the notification creation time is older than the when, and choose the
earliest timestamp. This ensures that an old OTP won't cause new notification
to be redacted.

Fixes: 389606876
Test: atest NotificationLockscreenUserManagerTest
Flag: android.app.redact_sensitive_content_notifications_on_lockscreen
Change-Id: Ia1f7f16e6c4ef59ca0d2ecbc0048eeb13f60e8f9