I would use the first method, but only for usability reasons. Because it gives the user a choice to easily revert back to the original homescreen/lockscreen if he chooses not to make the new one a default choice yet.
I'm afraid both strategies you described are quite difficult (depending on the api level range you want it to work on). The difficulty is not in their difference, the difficulty is in overriding the buttons (as Google makes it more difficult by closing down security loopholes for the newer api levels).
PS: Please note that Jellybean has a new Daydream functionality. If customizing the lockscreen is all you need. That may be the way to go since Jellybean is much more secure in that respect and more difficult to work with than the previous api levels otherwise.
Also, consider using the HTC screenlock api for HTC devices. This way, your solution won't be too hacky at least for their newer devices. And perhaps, do a version for rooted devices as well, since that too should be easy, for users who already have obtained root on their device. Don't discount the rooted market, users with root access do spend a disproportionate amount of money on applications in Google Play. That much is obvious if you just take a look at some of the rough numbers of downloads for paid applications that say (for root only) that Google Play gives you.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…