On-device signing: fall back to TEE.

In case a SE is not available.

Bug: 165630556
Test: creating a keystore key works on cuttlefish
Change-Id: Ida97fa9536ca8b6a4fefb959f882f3a820c89514
diff --git a/ondevice-signing/KeystoreKey.cpp b/ondevice-signing/KeystoreKey.cpp
index cd5c398..de7033f 100644
--- a/ondevice-signing/KeystoreKey.cpp
+++ b/ondevice-signing/KeystoreKey.cpp
@@ -140,8 +140,10 @@
 
     auto status = mService->getSecurityLevel(SecurityLevel::STRONGBOX, &mSecurityLevel);
     if (!status.isOk()) {
-        // TODO fallback to TEE
-        return false;
+        status = mService->getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT, &mSecurityLevel);
+        if (!status.isOk()) {
+            return false;
+        }
     }
 
     auto descriptor = getKeyDescriptor();