Do not check user escrow state if synthetic password is not enabled yet

1. when adding escrow tokens, do not throw SecurityException if the user hasn't
   migrated to synthetic password yet.
2. during migration, activate any pending escrow tokens.
3. Disable escrow before attempting to activate escrow tokens, this currently
   includes whenever the user authenticates, and when synthetic password
   migration happens.

Also, add some comments in SyntheticPasswordManager and remove an invalid call
to destroy escrow data.

Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests
Bug: 36776133
Change-Id: If4b9d385fb43e09d90b6dde6d25b4fcc0c6b7ddc

0 files changed, 0 insertions, 0 deletions