Auth/PM-3515 - Lock component Tech Debt Clean up (#10332)

* PM-3515 - Lock component - remove isUnlocked check on lock comp load b/c lock guard should cover all cases with its existing logic for all clients.

* PM-3515 - VaultTimeoutSettingsSvc - Add new canLock method

* PM-3515 - Refactor logic out of lock component that belongs in lock guard. Update lock guard to reject route activation if a user can't lock whereas we used to log the user out when they landed on the lock comp.

* PM-3515 - WIP on testing all lock guard scenarios

* PM-3515 - Refactor lock guard tests + add more tests

* PM-3515 - LockGuard - if TDE user that is authN directly navigates from login-init to lock for whatever reason (only possible on web with url bar), reject that navigation directly instead of throwing them up to the redirect guard

* PM-3515 - More LockGuard tests

* PM-3515 - Update comment

libs/common/src/services/vault-timeout/vault-timeout-settings.service.ts

@@ -90,10 +90,17 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
     await this.cryptoService.refreshAdditionalKeys();
   }
 
-  availableVaultTimeoutActions$(userId?: string) {
+  availableVaultTimeoutActions$(userId?: string): Observable<VaultTimeoutAction[]> {
     return defer(() => this.getAvailableVaultTimeoutActions(userId));
   }
 
+  async canLock(userId: UserId): Promise<boolean> {
+    const availableVaultTimeoutActions: VaultTimeoutAction[] = await firstValueFrom(
+      this.availableVaultTimeoutActions$(userId),
+    );
+    return availableVaultTimeoutActions?.includes(VaultTimeoutAction.Lock) || false;
+  }
+
   async isBiometricLockSet(userId?: string): Promise<boolean> {
     const biometricUnlockPromise =
       userId == null