Fix #2251837; better response when provisioning is required.

* Currently, we validate EAS accounts using a command that will
  succeed even if we do not support required security policies.
* This causes a confusing "invalid username or password" error
  when trying to sync with a validated account in the case that
  there are, in fact, required policies
* The fix is to send a sync command after validating the user name
  and password; a 403 error indicates the requirement for
  security policies.
* When we see the 403 error, we put up a message that is appropriate
  to the situation.

Change-Id: Ic40820253dca1f357297b2355ad987bc39d0775f
2 files changed