One additional detail with the "clear non-leader data" approach is that the original error persists if the lowest numbered unit never comes back to clear its stale relation data. Same goes for the "propagation" approach, however, the receiver needs to have the "last_token" logic to mitigate this issue, then the corner case I mentioned in comment #6 is unlikely (but possible) to happen because vault/0 should have the same token as vault/1.
One additional detail with the "clear non-leader data" approach is that the original error persists if the lowest numbered unit never comes back to clear its stale relation data. Same goes for the "propagation" approach, however, the receiver needs to have the "last_token" logic to mitigate this issue, then the corner case I mentioned in comment #6 is unlikely (but possible) to happen because vault/0 should have the same token as vault/1.