[lib] Don't invalidate a session if the recovery is cancelled

Summary:
Discovered this issue while testing keyserverAuth-based recovery. We should wait until a non-cancelled recovery fails in order to invalidate the session.

I suspect I hadn't encountered it in prior testing because before introducing keyserverAuth to the dep list, the recovery was unlikely to get cancelled before it ran its course.

Test Plan: Confirm that a cancelled keyserver session recovery doesn't invalidate the session

Reviewers: tomek, inka

Reviewed By: tomek

Differential Revision: https://phab.comm.dev/D11497