[1.3.0] [1.3.1] Delete Bucket does not remove the objects stored in it

[windkit]

Description

Delete a bucket in LeoFS should also remove all the objects in it, but from 1.3.0, those objects are not removed. Creating a bucket with the same name and the file can then be easily accessed. A potential security problem.

Analysis

This is because of a change in leo_manager_api:delete_bucket, during the step of removing all the objects.
https://github.com/leo-project/leofs/blob/master/apps/leo_manager/src/leo_manager_api.erl#L2285

This was a change introduced in 1.4 (at that time) development, when we added the metadata cache for "directories"
leo-project/leo_manager@cca7c46

it calls leo_storage_handler_directory:delete instead of leo_storage_handler_directory:delete_objects_in_parent_dir

The call does not exist in 1.3 branch of leo_storage as we do not merge the metadata cache into 1.3

[mocchira]

good catch.
please PR.
also I'd like to add a label security to distinguish such issues.

[mocchira]

LGTM.