Add PG source checks for row level security

[martykulma]

Add checks to PG source purification to require BYPASSRLS if any of the tables has a row level security policy that affects the MZ user or public.

Motivation

fixes https://github.com/MaterializeInc/database-issues/issues/9752

Checklist

• This PR has adequate test coverage / QA involvement has been duly considered. (trigger-ci for additional test/nightly runs)
• This PR has an associated up-to-date design doc, is a design doc (template), or is sufficiently small to not require a design.
• If this PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way), then it is tagged with a T-proto label.
• If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label (example).
• If this PR includes major user-facing behavior changes, I have pinged the relevant PM to schedule a changelog post.

[petrosagg]

Nice! We might want to check that during the transaction that executes the COPY as well to avoid a time of check time of use type of problem

[martykulma]

Nice! We might want to check that during the transaction that executes the COPY as well to avoid a time of check time of use type of problem

Good point, will add it there as well - TY!

[martykulma]

@petrosagg I feel I made enough changes to warrant a second glance. Instead of returning the list of RLS affected tables in Ok(), I now return in a PostgresError. I was just returning the result and then turning it into an error at every call site.

Thank you!

[martykulma]

Checked in with @petrosagg last week over slack, this is good to go.