Introduce applet lifecycle support and pre-perso locking

[makinako]

At present, pre-personalisation can occur post-issuance. In some scenarios it is desirable to lock this down so that the applet filesystem is defined once and then locked:

Suggestion:

1. Support the GET/SET STATUS commands to progress the applet lifecycle to APPLET_PERSONALIZED
2. When the applet is in the APPLET_PERSONALIZED state, the putDataAdmin() command is irreversibly disabled
3. Possibly also lock changeReferenceDataAdmin() as an optional FEATURE_ (as key injection is an expected post-issuance activity for some installs)