Fix keyguard checking when installing user certs.
Currently the condition is inverted, so the user is asked to enroll
a password only when there is one already.
Also, use existing method instead of a duplicate one. LPU.isSecure doesn't
check the credential owner, but for unified lock with empty parent password
it will correctly return false, so should be correct.
Bug:
113646620
Test: manual, tried installing user certs with and without screen lock.
Change-Id: Iabb1614540e454873e48039be13e22cc89b0a7be