Support and use TAG_ALLOW_WHILE_ON_BODY

There are three changes in this CL:
1. Persist all characteristics provided at the time of key creation.
   We do this to avoid device-specific keymaster implementations
   stripping keys they are not aware of.
2. Add an onDeviceOffBody API method that will be called whenever a
   wearable device is detected to have been removed.
3. Check whether a key was created with TAG_ALLOW_WHILE_ON_BODY and
   the device has gone off-body since the last auth event when
   deciding whether it can be used.

BUG: 30701680
BUG: 28911985
Change-Id: I6be3af3dee8e576fe713dfdd726502d8b333f224
9 files changed
tree: 0d9ef0ef9ddfec5fbb186264f4e888332d42db76
  1. keystore/
  2. keystore-engine/
  3. softkeymaster/
  4. MODULE_LICENSE_APACHE2
  5. NOTICE