release-20.2: sql: Fix privilege checks to consider direct/indirect roles

[rafiss]

Backport 1/1 commits from #58254.

/cc @cockroachdb/release

---

Resolves #57621

Previously, privilege inquiry functions only looked for whether
the user passed in in the first argument or current user had
privileges on schemas, databases, tables, etc. with the built-ins
such as has_schema_privileges, which was incorrect. This change
makes sure that all roles the user is a direct or indirect member
of are checked for privileges as well.

Release note (bug fix): The has_${OBJECT}_privilege built-in methods
such as has_schema_privilege now additionally checks whether roles
the user is a direct or indirect member of also have privileges on
the object. Previously only one user was checked which was incorrect.
This bug has been present since version 2.0 but became more
prominent as of v20.2 when role-based access control was included in
CockroachDB Core.

[cockroach-teamcity]

This change is 

[angelapwen]

Seems to be failing here

testdata/logic_test/privilege_builtins:1104:
expected success, but found
(3F000) unknown schema "s"
errors.go:60: in NewUndefinedSchemaError()
logic.go:2693:
testdata/logic_test/privilege_builtins:1104: error while processing
logic.go:2693: pq: unknown schema "s"

Does it need to be my_db.s instead of just s? I'm not sure why it fails in 20.2 but not in the original PR.

[rafiss]

ah i see... i had to remove that because this isn't (and won't be) backported to 20.2: #55647

hmm but i would have expected it to work since the current db is my_db... will investigate

[rafiss]

ah i see, probably because the user was switched to root.

[angelapwen]

Not sure if I was supposed to review before you merge, but LGTM!

[rafiss]

yes i needed your review! thank you :)