We need to be able to manipulate the collection of entity attributes on a particular entity. One approach to this would be to implement an attribute whitelist/blacklist stage class matching format/attribute/value triples. I think literal matches against such triples would be adequate for many use cases (things like entity categories, LoA/IAP identifiers), but simple wildcarding on the attribute value only would probably be useful too.
Another approach would be to re-use the attribute filtering code that the IdP uses, somehow.
For a first implementation, I believe it is reasonable to handle only individual Attribute elements, and refuse to process Assertion children of EntityAttributes. I'm not sure that any manipulation of such Assertions makes sense given their mandatory signature element.
Handling the special case where all entity attributes end up removed (which is not schema-valid, since EntityAttributes requires at least one Attribute or Assertion child) could be done by this code, but would probably be better handled by a separate "remove empty EntityAttributes" stage in the same way as we have a separate "remove empty Extensions" stage. It might make sense to generalise that to a "remove empty X" stage instead, as this comes up regularly in SAML, which tends to have 1-or-more content constraints.
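As an added illustration of the design sketched above (this is example code written for this note, not code from the metadata aggregator or any other project), the following Python puts the pieces together: a rule is a literal format/attribute/value triple with shell-style wildcarding on the value only, a filtering stage applies the rules in whitelist or blacklist mode to individual saml:Attribute elements and refuses any EntityAttributes that carries a saml:Assertion, and a generic "remove empty X" stage is then run for EntityAttributes and Extensions in that order so the 1-or-more constraints hold again. The sample metadata, the entity ID and the `http://example.org/...` category value are constructed for the example; the entity-category and assurance-certification attribute names and the REFEDS values are the well-known ones. The `Rule` class, function names and the treatment of a missing NameFormat as "unspecified" are this example's own choices.

```python
"""Entity-attribute filtering stage sketch (added example, not project code)."""
import fnmatch
import xml.etree.ElementTree as ET
from dataclasses import dataclass

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
MDATTR = "urn:oasis:names:tc:SAML:metadata:attribute"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
# NameFormat is optional on saml:Attribute; absence is treated as "unspecified" here.
UNSPECIFIED_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"


def q(ns, local):
    """Clark-notation qualified name, as ElementTree expects."""
    return "{%s}%s" % (ns, local)


@dataclass(frozen=True)
class Rule:
    """Format/attribute/value triple: format and name match literally,
    the value is a glob so wildcarding applies to the value only."""
    name_format: str
    name: str
    value_glob: str = "*"

    def matches(self, attr, value):
        fmt = attr.get("NameFormat", UNSPECIFIED_FORMAT)
        return (fmt == self.name_format and attr.get("Name") == self.name
                and fnmatch.fnmatchcase(value, self.value_glob))


def filter_entity_attributes(root, rules, mode):
    """'blacklist' drops matching AttributeValues, 'whitelist' keeps only them.
    Returns the number of AttributeValue elements removed."""
    if mode not in ("whitelist", "blacklist"):
        raise ValueError("mode must be 'whitelist' or 'blacklist'")
    removed = 0
    for ea in list(root.iter(q(MDATTR, "EntityAttributes"))):
        # Per the design note: only individual Attribute elements are handled.
        if ea.find(q(SAML, "Assertion")) is not None:
            raise ValueError("EntityAttributes contains a saml:Assertion; refusing to process")
        for attr in list(ea.findall(q(SAML, "Attribute"))):
            values = attr.findall(q(SAML, "AttributeValue"))
            for val in values:
                text = (val.text or "").strip()
                hit = any(r.matches(attr, text) for r in rules)
                if hit == (mode == "blacklist"):
                    attr.remove(val)
                    removed += 1
            # An Attribute whose values were all filtered away goes too.
            if values and attr.find(q(SAML, "AttributeValue")) is None:
                ea.remove(attr)
    return removed


def remove_empty(root, tag):
    """Generic 'remove empty X' stage: delete elements with this tag that have
    no child elements and no non-whitespace text. Returns the count removed."""
    parent_of = {child: parent for parent in root.iter() for child in parent}
    removed = 0
    for el in list(root.iter(tag)):
        if el is not root and len(el) == 0 and not (el.text or "").strip():
            parent_of[el].remove(el)
            removed += 1
    return removed


def run_pipeline(xml_text, rules, mode):
    """Filter, then repair the 1-or-more constraints from the inside out."""
    root = ET.fromstring(xml_text)
    filter_entity_attributes(root, rules, mode)
    remove_empty(root, q(MDATTR, "EntityAttributes"))
    remove_empty(root, q(MD, "Extensions"))
    return root


def remaining_values(root):
    """Flatten surviving entity attributes into (Name, value) pairs."""
    return [(a.get("Name"), (v.text or "").strip())
            for a in root.iter(q(SAML, "Attribute"))
            for v in a.findall(q(SAML, "AttributeValue"))]


# Constructed sample: a hypothetical SP with two entity-category values and one
# assurance-certification value (the example.org value is made up).
SAMPLE = """<md:EntityDescriptor xmlns:md="%s" xmlns:mdattr="%s" xmlns:saml="%s"
    entityID="https://sp.example.org/shibboleth">
  <md:Extensions>
    <mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="%s">
        <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
        <saml:AttributeValue>http://example.org/category/local-only</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="%s">
        <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>""" % (MD, MDATTR, SAML, URI_FORMAT, URI_FORMAT)

if __name__ == "__main__":
    drop_local = [Rule(URI_FORMAT, "http://macedir.org/entity-category", "http://example.org/*")]
    print(remaining_values(run_pipeline(SAMPLE, drop_local, "blacklist")))
```

Running the whitelist mode with a rule that matches nothing is the interesting edge case: every value, then every Attribute, then the EntityAttributes element and finally the Extensions element disappear, and the two `remove_empty` passes are what keep the output schema-valid. The same helper would serve any other element with a 1-or-more content model by passing its qualified name.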