Avoid a server to keep access to stale Vault policies
Summary:
If a server lose access to any policy, it would keep the last state.
Instead, we now submit a new policy "intentionally left blank"
to explicitly document that node doesn't have access to anything.
This is a follow-up for af9db00760be.
Ref T1425.
Test Plan:
salt-call --local credentials.build_policies_by_node
Tested on Complector, we've a correct set of policies for every node.
Reviewers: DorianWinty
Reviewed By: DorianWinty
Maniphest Tasks: T1425
Differential Revision: https://devcentral.nasqueron.org/D2671