SLRP discards reservations when the agent is discarded, which could lead to leaked volumes.

In the current SLRP implementation the reservations for new SLRP/CSI backed volumes are checkpointed under <meta>/slaves/latest/resource_providers so when the agent runs into incompatible configuration changes (the kinds that cannot be addressed by MESOS-1739), the operator has to remove the symlink and then the reservations are gone. 

Then the agent recovers with a new SlaveInfo and new SLRPs are created to recover the CSI volumes. These CSI volumes will not have reservations and thus will be offered to frameworks of any role, potentially with the data already written by the previous owner. 

The framework doesn't have any control over this and any chance to clean up before the volumes are re-offered, which is undesired for security reasons.