[roll] Roll fuchsia [zxcrypt] Allow Format() after Shred() if sealed

As we expand the functionality of password-authenticator, we'd like to
be able to remove an account (which shreds the underlying zxcrypt
volume) and then provision a new one without having to unbind the
zxcrypt device manager.

This is a safe operation, provided that we only allow formatting a
partition from the "sealed" state.  Shredding a partition while sealed
doesn't really change any interesting state for the driver -- if you
call Unseal, it'll look for the zxcrypt magic, find none, and then
reject your attempt to unseal.

Similarly, if you call Shred() while the volume is unsealed, then you'll
have destroyed the superblock but other operations will proceed along
just fine.  If the volume is later sealed, then you return to this state
which keeps nothing about the volume in memory, and is an appropriate
starting point for formatting the volume once more and then unsealing it.

This patch makes it possible for password-authenticator to destroy and
create new volumes without unbinding the zxcrypt driver.  Before this
patch, kShredded was a terminal state; now we distinguish between
shredded-sealed (which we collapse into KSealed) and shredded-unsealed
(for which we rename kShredded into kUnsealedShredded), and permit a
transition from kUnsealedShredded to kSealed via the Seal() call.

Original-Bug: 91713
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/640110
Original-Revision: ffa1afb8e5f221ec79cf3eec3ae5c73f997cd824
GitOrigin-RevId: 229ed24b0b75717ef86cea3513912cfb8b4b48bc
Change-Id: I4a419462c75ce86a4ebff8455eac51cd2d6a1fd8