fix(redis): only remove a key if it wouldn't be overwritten (#529)
Fixes a potential race condition persisting user permissions where previously we would
remove the entire set of permissions for a resource, then write the current set. This
changes to only remove the permissions if the updated UserPermission is empty for that
resource type, and to write a new value and swap over the old value if there are
Permissions so that an API request to load that UserPermission that overlaps with
a refresh of the UserPermission in redis doesn't get less data than it should
