[login_manager] Allow new owner keys to be pushed with StorePolicy
To handle initial enrollment and emergency key rotation (the current key has been compromised), we will allow any policy stored before the user has begun her session to clobber the existing key/policy.
To perform normal key rotation, we'll validate the signature on the key blob in the policy with the currently registered key and, iff it checks out, replace the stored key.
BUG=13746
TEST=Unit tests, and login_RemoteOwnership (to be landed soon), and login_OwnershipApi
Change-Id: Id4c6e8f3d37224a03ac631ff19bb6daa04ff20eb
Review URL: http://codereview.chromium.org/6793055
10 files changed
