VAULT-28677: Fix dangling entity-aliases in MemDB after invalidation

[marcboudreau]

Description

This change corrects a regression that was introduced by #27184.

When an entity has been modified in a storage bucket such that one or more aliases has been removed, those removed aliases were not being deleted from the MemDB table containing them. This change corrects this by scanning all associated aliases with entities that have been determined to be modified in the storage bucket, and deleting any associated aliases from MemDB that are no longer associated with the entity in the storage bucket.

TODO only if you're a HashiCorp employee

• [ ] Labels: If this PR is the CE portion of an ENT change, and that ENT change is getting backported to N-2, use the new style backport/ent/x.x.x+ent labels instead of the old style backport/x.x.x labels.
• [x] Labels: If this PR is a CE only change, it can only be backported to N, so use the normal backport/x.x.x label (there should be only 1).
• [ ] ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature of a public function, even if that change is in a CE file, double check that applying the patch for this PR to the ENT repo and running tests doesn't break any tests. Sometimes ENT only tests rely on public functions in CE files.
• [x] Jira: If this change has an associated Jira, it's referenced either in the PR description, commit message, or branch name.
• [ ] RFC: If this change has an associated RFC, please link it in the description.
• [ ] ENT PR: If this change has an associated ENT PR, please link it in the description. Also, make sure the changelog is in this PR, not in your ENT PR.