Migrate away from hardware-backed keys until keymaster issues can be resolved

This branch re-encrypts the DB key without using a key provided by the Android keymaster, to prevent the user's account from being lost if the keymaster fails to provide the key.

This is the first part of #1696. The second part will be to catch the exception that's thrown when the keymaster fails to provide the key, and show a dialog advising the user to reboot their phone. Once the user has upgraded to a version that includes this branch, they'll only need to reboot once; after that the hardware-backed key will no longer be needed.

This branch also adds some logging to help us track down account-related bugs.