[keyring-controller] Provide a safe way to interact with keyring instances

[mikesposito]

After #4182 is merged, KeyringController will be responsible for ensuring each operation is mutually exclusive, updating keyring instances and the vault in the same mutex lock.

However, the ability of clients to have direct access to a keyring instance represents a loophole, as with the current implementation they don’t have to comply with the rules enforced by the controller: we should provide a way for clients to interact with a keyring instance through safeguards provided by KeyringController.

The current behavior is this one:

1. Client obtains a keyring instance through getKeyringForAccount
2. Client interacts with the instance
3. Client calls persistAllKeyrings

We should, instead, have something like this:

1. Client calls a withKeyring method, passing a keyring selector and a callback
2. KeyringController selects the keyring instance and calls the callback with it, after locking the controller operation mutex
3. Client interacts with the keyring instance safely, inside the callback
4. KeyringController, after the callback execution, internally updates the vault and then releases the lock

[desi]

We need 2 additional issues for each client. @mikesposito Would you mind creating those issues?