sql: support tracking which users grant privileges for revoke compatibility

[jackcwu]

As described in the Postgres docs: https://www.postgresql.org/docs/14/sql-revoke.html

A user can only revoke privileges that were granted directly by that user. If, for example, user A has granted a privilege with grant option to user B, and user B has in turn granted it to user C, then user A cannot revoke the privilege directly from C.
Instead, user A could revoke the grant option from user B and use the CASCADE option so that the privilege is in turn revoked from user C. For another example, if both A and B have granted the same privilege to C, A can revoke their own grant but not B's grant, so C will still effectively have the privilege.

Currently, CockroachDB lets any user revoke privileges on another user, given that the revoking user has the appropriate privileges. To reproduce this issue, from root, do:

create user grantselect with password 'roach';
create user revokeselect with password 'roach';
create user target with password 'roach';
create table tt(row INT);
grant all privileges on table tt to grantselect with grant option;
grant all privileges on table tt to revokeselect with grant option;
# switch to grantselect
grant all privileges on table tt to target with grant option;
# switch to revokeselect
revoke all privileges on table tt from target;
show grants on table tt;

the user 'target' will have its privileges revoked by a user that did not create it, which is not consistent with the behavior of Postgres

Jira issue: CRDB-10892

[rafiss]

This would allow us to fix #67442

[chengxiong-ruan]

Would allow us to fix #88155 as well

[github-actions]

We have marked this issue as stale because it has been inactive for
18 months. If this issue is still relevant, removing the stale label
or adding a comment will keep it active. Otherwise, we'll close it in
10 days to keep the issue queue tidy. Thank you for your contribution
to CockroachDB!