How do the Secure Enclave or Android Keystore system protect cryptographic keys, and what are their architectural limitations at Tools for Humanity?