release-23.2: catalog: add descriptor repair to remove missing roles

[fqazi]

Backport 1/1 commits from #122557.

/cc @cockroachdb/release

---

Previously, we had a bug that could lead to descriptors having privileages to roles that no longer exist. This could lead to certain commands like SHOW GRANTS breaking. To address this, this patch will add descirptor repair logic to automatically clean up oprhaned privileges.

Fixes: #122552

Release note (bug fix): Add automated clean up / validation for dropped roles inside descriptors.
Release justification: low risk fix that prevents corrupt descriptors from impacting SHOW GRANTS

[blathers-crl]

Thanks for opening a backport.

Please check the backport criteria before merging:

• Backports should only be created for serious
  issues or test-only changes.
• Backports should not break backwards-compatibility.
• Backports should change as little code as possible.
• Backports should not change on-disk formats or node communication protocols.
• Backports should not add new functionality (except as defined
  here).
• Backports must not add, edit, or otherwise modify cluster versions; or add version gates.
• All backports must be reviewed by the owning areas TL and one additional
  TL. For more information as to how that review should be conducted, please consult the backport
  policy.

If your backport adds new functionality, please ensure that the following additional criteria are satisfied:

• There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
• The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
• New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters. State changes must be further protected such that nodes running old binaries will not be negatively impacted by the new state (with a mixed version test added).
• The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.
• Your backport must be accompanied by a post to the appropriate Slack
  channel (#db-backports-point-releases or #db-backports-XX-X-release) for awareness and discussion.

Also, please add a brief release justification to the body of your PR to justify this
backport.

[cockroach-teamcity]

This change is 

[rafiss]

i think this should account for node also. maybe we should backport some of the changes i'm adding in #124772

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @dhartunian and @fqazi)

---

pkg/sql/crdb_internal.go line 6155 at r1 (raw file):

			}
			doError(catalog.ValidateRolesInDescriptor(descriptor, func(username username.SQLUsername) (bool, error) {
				if username.IsRootUser() ||

does this also need to exclude the node user? otherwise, it will report errors on internal objects that are owned by node. i created #124772

---

pkg/sql/crdb_internal.go line 6620 at r1 (raw file):

							(SELECT username
							FROM system.users UNION
							SELECT 'public' as username)

what about node?

---

pkg/sql/sem/builtins/builtins.go line 5426 at r1 (raw file):

							(SELECT username
							FROM system.users UNION
							SELECT 'public' as username)

should node go here too?

[fqazi]

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @dhartunian and @rafiss)

---

pkg/sql/crdb_internal.go line 6155 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

does this also need to exclude the node user? otherwise, it will report errors on internal objects that are owned by node. i created #124772

Done.

---

pkg/sql/crdb_internal.go line 6620 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

what about node?

Done.

---

pkg/sql/sem/builtins/builtins.go line 5426 at r1 (raw file):

Previously, rafiss (Rafi Shamim) wrote…

should node go here too?

Done.

[rafiss]

lgtm!

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @dhartunian)

[fqazi]

@rafiss @dhartunian TFTR!