[fix][broke] Fix ShadowReplicator source entry buffer leak

[void-ptr974]

fix #25257

Motivation

ShadowReplicator was retaining the source entry headersAndPayload buffer before sending the replicated message. Unlike geo replication, shadow replication deserializes source entries
with an empty payload, so the producer send path does not own or release the original source entry buffer.

This left one extra reference after the send callback released the Entry, causing Netty leak detector reports like:

LEAK: ByteBuf.release() was not called

Changes

• Remove the unnecessary headersAndPayload.retain() in ShadowReplicator.
• Add a regression test that exercises the ShadowReplicator send path and verifies the source entry ByteBuf refCnt reaches 0 after replication completes.

Verification

./gradlew :pulsar-broker:test --tests org.apache.pulsar.broker.service.persistent.ShadowReplicatorTest

Also verified the new test fails before the fix with expected [0] but found [1].

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

• Dependencies (add or upgrade a dependency)
• The public API
• The schema
• The default values of configurations
• The threading model
• The binary protocol
• The REST endpoints
• The admin CLI options
• The metrics
• Anything that affects deployment

[void-ptr974]

@dlg99 @Jason918 @lhotari PTAL

[void-ptr974]

CI check pass in my local repo: https://github.com/void-ptr974/pulsar/actions/runs/25626436624

[Jason918]

LGTM. It's introduced by the improvement in #23236

[Jason918]

@RobertIndie PTAL. Seems related to #23236