Always set CE key protection in migrateUserToSpWithBoundKeysLocked()

The conditions for skipping setCeStorageProtection() in
migrateUserToSpWithBoundKeysLocked() have been causing some confusion.
They exist only to avoid some misleading log messages from vold during
this migration.  Let's just remove these conditions and run
setCeStorageProtection() unconditionally, like what is already done for
initUserSuperKeys().  I will try to improve the log messages in vold.

Test: Upgraded a device from UQ1A to main with this CL
Flag: EXEMPT should only affect log messages.
Change-Id: I30b74162bc36c5e4fc614fe64d05c8b3bf19e73c