oneway primaryUserCredential (vec<uint8_t> secret)
When the primary user is unlocked, this method is passed a secret to prove that is has been successfully unlocked.The primary user can either be unlocked by a person entering their credential or by another party using an escrow token e.g.a device administrator.
The first time this is called, the secret must be used to provision state that depends on the primary user's secret.The same secret must be passed on each call until the next factory reset.
Upon factory reset, any dependence on the secret must be removed as that secret is now lost and must never be derived again.A new secret must be created for the new primary user which must be used to newly provision state the first time this method is called after factory reset.
The secret must be at least 16 bytes.