fix leak in wrappedOnClose

[ndyakov]

Fixes #3772

wrappedOnClose is not needed for the Conn object. Add a detailed comments on the user for future help of developers.

Also make sure client onClose is implemented in such a way, so similar leak should not happen.

---

Note

Medium Risk
Touches core connection/client close paths and hook invocation semantics, which could affect cleanup ordering and error propagation. The change is well-contained and reinforced by extensive new regression/concurrency tests.

Overview
Fixes a resource leak caused by repeatedly wrapping baseClient close logic (issue #3772) by replacing the single onClose func() error with a bounded, concurrency-safe onCloseHooks registry where re-registering the same hook id replaces the prior callback.

Moves streaming-credentials unsubscription from client-level close hooks to per-connection pool.Conn.SetOnClose, and documents the required idempotent semantics for StreamingCredentialsProvider.Subscribe/UnsubscribeFunc to avoid leaks across connection re-inits.

Updates sentinel failover and ring-shard cleanup to use the new named-hook registry, and adds focused tests covering hook ordering/replacement/error handling/concurrency plus a regression test modeling EntraID-style providers.

^{Reviewed by Cursor Bugbot for commit a337f4b. Bugbot is set up for automated code reviews on this repo. Configure here.}

[jit-ci]

🛡️ Jit Security Scan Results

✅ No security findings were detected in this PR

---

^{Security scan by Jit}