This commit renames identicons to avatars in field names, and uses an ImageView
derivative to show the identicons, which should make implementing #214 easier.

Source: https://github.com/saiimons/Android-Identicons
License: Apache License, Version 2.0

Also removed unnecessary adapter notifications in various places.

Whether or not a class needs to run as a service is an implementation decision.

Since API 23 this is required for access to the Bluetooth APIs
See:
https://developer.android.com/intl/ko/about/versions/marshmallow/android-6.0-changes.html#behavior-hardware-id

Closes #223

also run setting the default preferences in a background thread

Closes #184

Due to the nature of how Android app install/uninstall works without
root, this requires manual confirmation after a panic was triggered.

Closes #211

* Only show them as unread when they arrive out of order
* Mark all messages as read when sending a message

The method `runOnDbThread()` depends on an executor
that's created by roboguice at startup.
It requires to be signed in, so use a different thread instead.

PanicKit does distinguish between two kinds of panic responses:

* default responses such as logging out which are non-destructive and
  do not require user interaction, so that the basics work without
  configuration
* destructive responses such as deleting user data. These require
  some sort of authentication to make sure they are not triggered
  by malicious apps

The second type of responses is implemented with this commit.

Authentication is done by comparing the package name
which is very weak. It requires the user to opt-in to
destructive responses and to configure from which app
to receive those (since there might be many different panic
trigger apps).

While possible to uninstall an app and install one with the same
package name afterwards, this always triggers notifications to
the user (if the attacker does not have root access).

Still that is no sufficient security for Briar's requirements,
so that TrustedIntents are used as well to make sure that the
app sending the destructive trigger is signed by a signing key
that we specified before. Currently, that is the one from the
GuardianProject and from IilabEngineering who does the Amnesty
International Panic App.

The responsibility of checking that the panic TRIGGER is
legitimate lies with the app responding to the trigger, so Briar
in this case. This commit checks whether the TRIGGER comes from
a trusted app before performing destructive actions,
but does perform the default action even when triggered from
untrusted apps.

Closes #210

This closes #204

Also removed some unused code from BaseActivity.