Closes #2229: Encrypted-at-rest FxA state storage support

[grigoryk]

This patch adds a version of AccountStorage which is backed by an encrypted-at-rest shared-prefs implementation,
SecureAbove22Preferences. As the name suggests, encryption at rest is enabled only for Android API levels 23+.
Otherwise, plaintext storage is used. SecureAbove22Preferences will handle API level upgrades behind the scenes,
if necessary.

In order to support rolling this out, SecureAbove22AccountStorage automatically migrates account state if it was
present in SharedPrefAccountStorage. And vice-versa, SharedPrefAccountStorage will automatically migrate account
state if it was present in SecureAbove22AccountStorage. This allows applications to easily switch between two
implementations, without any ill-effects.

In order to monitor storage implementations for abnormalities (such as disappearing encryption keys), an optional
CrashReporter instance may be configured now via FxaAccountManager.

DeviceConfig gained a secureStateAtRest flag, which allows applications to specify if they'd like to encrypt
account state. This config object isn't a perfect fit for this flag, but it's close enough conceptually.

---

Pull Request checklist

• Quality: This PR builds and passes detekt/ktlint checks (A pre-push hook is recommended)
• Tests: This PR includes thorough tests or an explanation of why it does not
• Changelog: This PR includes a changelog entry or does not need one
• Accessibility: The code in this PR follows accessibility best practices or does not include any user facing features

After merge

• Milestone: Make sure issues closed by this pull request are added to the milestone of the version currently in development.
• Breaking Changes: If this is a breaking change, please push a draft PR on Reference Browser to address the breaking issues.

[grigoryk]

I've tested switching back and forth between encrypted and plaintext storage versions in samples-sync, it works quite well. Old one is cleared out, account state carried over.

[codecov]

Codecov Report

Merging #5053 into master will increase coverage by 2.25%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##             master   #5053      +/-   ##
===========================================
+ Coverage     79.95%   82.2%   +2.25%     
+ Complexity     3737    3653      -84     
===========================================
  Files           506     480      -26     
  Lines         17133   15541    -1592     
  Branches       2474    2236     -238     
===========================================
- Hits          13698   12776     -922     
+ Misses         2400    1821     -579     
+ Partials       1035     944      -91

Impacted Files	Coverage Δ	Complexity Δ
...onents/support/sync/telemetry/BaseGleanSyncPing.kt	100% <0%> (ø)	11% <0%> (ø)	⬇️
...ozilla/components/service/fxa/SyncAuthInfoCache.kt
...ponents/service/location/MozillaLocationService.kt
...ature/webnotifications/NativeNotificationBridge.kt
...ozilla/components/feature/addons/AddOnsProvider.kt
...ents/browser/domains/DomainAutoCompleteProvider.kt
...ocation/search/RegionSearchLocalizationProvider.kt
...ozilla/components/browser/domains/CustomDomains.kt
...mozilla/components/service/fxa/sync/SyncManager.kt
.../src/main/java/mozilla/components/lib/jexl/Jexl.kt
... and 64 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1dcfb60...3061e01. Read the comment docs.

[csadilek]

Looks great! Just one comment / question below.

[csadilek]

Not sure where my previous comment went. It was just a nit to ask if we could instead add migrateFrom... methods to the storages. It seems the constructor parameter is easy to miss and then we'd migrate by mistake. With a method we'd trigger migration explicitly.

[grigoryk]

With an explicit method, the only way to get rid off the constructor flag is to expose a migrate method as part of AccountStorage interface; i really like the enclosed nature of these classes - consumers don't need to know anything about migrations, it "just works". This is how the lower level works, as well - consumers of secure prefs don't need to know that it auto-migrates data from insecure prefs in case of an API upgrade! So there's a nice symmetry here I'd like to keep. So, landing as-is.

[grigoryk]

bors r=csadilek

[bors]

Build failed

• complete-push

[grigoryk]

This seems like an intermittent..? But I'm not sure what's going wrong here. Can't reproduce it locally, either. So let's just try again...

[task 2019-11-19T00:25:51.243Z] > Task :concept-sync:jacocoDebug FAILED
[task 2019-11-19T00:25:51.243Z] 
[task 2019-11-19T00:25:51.243Z] FAILURE: Build failed with an exception.
[task 2019-11-19T00:25:51.243Z] 
[task 2019-11-19T00:25:51.243Z] * What went wrong:
[task 2019-11-19T00:25:51.243Z] Execution failed for task ':concept-sync:jacocoDebug'.
[task 2019-11-19T00:25:51.243Z] > There was a failure while executing work items
[task 2019-11-19T00:25:51.243Z]    > A failure occurred while executing com.android.build.gradle.internal.tasks.JacocoTaskDelegate$JacocoWorkerAction
[task 2019-11-19T00:25:51.243Z]       > java.lang.ExceptionInInitializerError (no error message)

[grigoryk]

bors retry

[bors]

Build succeeded

• complete-push