Fix race leading to spuriously disabled trust agents

If TrustManagerService is able to refresh the trust agents before
the Settings activity gets a chance to reenable the lock pattern,
the TrustManagerService won't see a secure credential and won't
load any agents. This was introduced when we switched to isSecure
instead of getKeyguardStoredPasswordQuality. The latter ignored
the lockPatternEnabled flag.

Bug: 18596036
Change-Id: I2734899f7684916fc84bc3a07edca29310887103