release-26.2: descs: evict stale SystemDatabaseCache entries on descriptor-not-found

[msbutler]

Backport 1/1 commits from #169351 on behalf of @msbutler.

---

Summary

PR #169044 allowed SystemDatabaseCache to accept updated name→ID mappings,
but the update path was never triggered because the stale cache hit in
lookupDescriptorID prevented the KV read that would have provided the
corrected mapping — a self-reinforcing cycle.

When getDescriptorByName resolves a system table name to an ID but the
descriptor at that ID doesn't exist, evict the entry from the
SystemDatabaseCache. The next lookup misses the cache, reads from KV, and
self-heals. This works across all nodes since the corrected namespace entry
is in shared KV storage.

Fixes #169316

Epic: none

Release note (bug fix): Fixed a bug where PCR reader tenants could
permanently fail authentication after SetupOrAdvanceStandbyReaderCatalog
rewrote the system.privileges namespace entry. A stale cached name→ID
mapping was never refreshed, causing every SQL connection to fail with
"descriptor not found".

---

Release justification:

[trunk-io]

😎 Merged successfully - details.

[blathers-crl]

Thanks for opening a backport.

Before merging, please confirm that the change does not break backwards compatibility and otherwise complies with the backport policy. Include a brief release justification in the PR description explaining why the backport is appropriate. All backports must be reviewed by the TL for the owning area. While the stricter LTS policy does not yet apply, please exercise judgment and consider gating non-critical changes behind a disabled-by-default feature flag when appropriate.

[cockroach-teamcity]

This change is 

[fqazi]

@fqazi reviewed 6 files and all commit messages, and made 1 comment.
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on spilchen).