Make password history hashing more secure
Instead of hashing the password directly, which makes it possible to brute-force the password offline, hash the password together with the synthetic password. This means that without knowledge of the synthetic password, the hash itself is useless. As a consequence of this change, saving and checking historical passwords would now also require the current device password to be provided. Checking password history also takes more time due to the need to unwrap the synthetic password, at around 100-200ms.

Bug: 32826058
Test: manual
Change-Id: Icb65171b8c8b703d8f0aa3a8cb2bf7ad96c1332d
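The scheme the commit message describes, as an added illustration that is not the project's own code: each history entry is keyed on the per-user synthetic password before being stretched, so a dump of the history alone gives an offline attacker nothing to guess against. The function names, the HMAC-then-PBKDF2 construction, the history size and the iteration count are assumptions; unwrapping the synthetic password from the device password happens before these functions are called and is outside the example.

```python
import hashlib
import hmac
import os

# Constructed example (not AOSP code): a password-history store whose entries
# are keyed on the per-user synthetic password, so the stored digests cannot be
# brute-forced offline without that secret. Names and parameters are assumptions.

HISTORY_SIZE = 5            # how many old passwords to remember
PBKDF2_ITERATIONS = 10_000  # stretching cost; tune toward ~100-200 ms on target


def history_hash(password: str, synthetic_password: bytes, salt: bytes) -> bytes:
    """Return a digest of `password` bound to `synthetic_password`.

    Step 1 keys the password on the synthetic password (HMAC), so the digest
    reveals nothing about the password to anyone who lacks that secret.
    Step 2 stretches the result so even the secret holder pays per guess.
    """
    keyed = hmac.new(synthetic_password, password.encode("utf-8"),
                     hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ITERATIONS)


def save_to_history(history: list, password: str, synthetic_password: bytes) -> list:
    """Append a (salt, digest) pair for `password`, keeping the newest HISTORY_SIZE.

    The caller must already hold the synthetic password, which is why saving
    now requires the current device password (needed to unwrap it).
    """
    salt = os.urandom(16)
    history.append((salt, history_hash(password, synthetic_password, salt)))
    del history[:-HISTORY_SIZE]   # drop the oldest entries beyond the limit
    return history


def in_history(history: list, candidate: str, synthetic_password: bytes) -> bool:
    """True if `candidate` matches any stored entry under this synthetic password."""
    found = False
    for salt, digest in history:
        # Constant-time compare, and check every entry so timing does not leak
        # which slot (if any) matched.
        if hmac.compare_digest(digest, history_hash(candidate, synthetic_password, salt)):
            found = True
    return found


if __name__ == "__main__":
    sp = os.urandom(32)   # stands in for the unwrapped synthetic password
    hist = save_to_history([], "old-password-1", sp)
    save_to_history(hist, "old-password-2", sp)
    print(in_history(hist, "old-password-1", sp))              # True
    print(in_history(hist, "old-password-1", os.urandom(32)))  # False: wrong key
```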