Cope with mixed KeyMint/Keymaster-4.x devices

The keystore2_client_tests have an implicit assumption that any
StrongBox implementation on the device is of the same type (KeyMint or
Keymaster) as the TEE implementation on the device.

However, waivers have been issued for some device types that allow a
mixed combination: StrongBox implementing Keymaster, TEE implementing
KeyMint.

Coping with this requires a pervasive change to use a new `SecLevel`
struct that holds the security level enum value that's associated
with an `IKeystoreSecurityLevel` object, so it's possible to perform
different behaviour for Keymaster/KeyMint on a per-security level basis.

- Add and use `SecLevel::tee()` and `SecLevel::strongbox()`
  constructors.
- Move test utilities to take and use `&SecLevel` throughout.
- Canonicalize import ordering along the way.

Then use the `SecLevel::is_keymaster()` and `is_keymint()` methods
to ensure that test behaviour is specific to the device under test,
not just the default device.

Also, device unique attestation was only introduced in Keymaster 4.1,
so skip those tests if the StrongBox device is not of that level.

Bug: 336695416
Test: keystore2_client_tests
Test: keystore2_test_utils_test
Test: legacykeystore_test
Change-Id: Ie470ec293fcca0cae772a529d8d38ef2d81f2710
21 files changed
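
The per-security-level gating described in the commit message, as an added stand-alone sketch (not the AOSP code): the `hal_version` field, the `Action` enum, the `plan` function and the version encoding (Keymaster 4.0 = 40, 4.1 = 41, KeyMint >= 100) are assumptions of this example, and the constructors take the version as a parameter instead of querying a real `IKeystoreSecurityLevel` object.

```rust
#[derive(Clone, Copy, Debug, PartialEq)]
enum SecurityLevel { TrustedEnvironment, Strongbox }

#[derive(Debug, PartialEq)]
enum Action { Skip, RunKeymaster, RunKeyMint }

// Assumed version encoding for this sketch only.
const KEYMASTER_V4_1: i32 = 41;
const KEYMINT_V1: i32 = 100;

/// Pairs a security level with the HAL version behind it (hypothetical field).
struct SecLevel { level: SecurityLevel, hal_version: i32 }

impl SecLevel {
    fn tee(hal_version: i32) -> Self {
        SecLevel { level: SecurityLevel::TrustedEnvironment, hal_version }
    }
    /// StrongBox is optional hardware, so construction can fail.
    fn strongbox(hal_version: Option<i32>) -> Option<Self> {
        hal_version.map(|v| SecLevel { level: SecurityLevel::Strongbox, hal_version: v })
    }
    fn is_keymint(&self) -> bool { self.hal_version >= KEYMINT_V1 }
    fn is_keymaster(&self) -> bool { !self.is_keymint() }
    /// Device unique attestation needs Keymaster 4.1 or anything newer.
    fn supports_device_unique_attestation(&self) -> bool {
        self.hal_version >= KEYMASTER_V4_1
    }
}

/// Decide what a device-unique-attestation test does for one security level,
/// using that level's own version rather than the default (TEE) device's.
fn plan(sl: &SecLevel) -> (SecurityLevel, Action) {
    let action = if !sl.supports_device_unique_attestation() {
        Action::Skip
    } else if sl.is_keymaster() {
        Action::RunKeymaster
    } else {
        Action::RunKeyMint
    };
    (sl.level, action)
}

fn main() {
    // Constructed mixed device: TEE is KeyMint (300), StrongBox is Keymaster 4.0.
    let tee = SecLevel::tee(300);
    let sb = SecLevel::strongbox(Some(40)).expect("constructed sample has StrongBox");
    println!("{:?}", plan(&tee));
    println!("{:?}", plan(&sb));
}
```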