Docs: clarify PgQue roles are global/coarse, not per-queue multi-tenant isolation

[NikolayS]

Summary

Docs should explicitly state that PgQue's built-in roles are coarse global operational roles, not per-queue or per-tenant isolation for mutually untrusted applications sharing one database.

This is related to #96, #102, and #106, but broader as an API contract/documentation issue.

Why

Current grants and APIs are global:

• pgque_reader gets select on all tables in schema pgque
• pgque_writer can subscribe/receive/ack by queue and consumer names globally
• low-level primitives operate by batch_id, queue name, consumer name
• active batch ids and payloads can be discoverable/readable by writers/readers depending on grants

Findings from rounds 2-4 show cross-app interference paths:

• Security: any pgque_writer can ack another consumer/app's active batch by batch_id #102: writer can ack another app's batch
• Security: low-level primitives let writers mutate/read other consumers' active batches #106: writer can reposition/retry/read another consumer's active batch
• Security: pgque roles are bypassed by default PUBLIC EXECUTE on functions #96: PUBLIC/default EXECUTE bypasses intended role boundaries

Suggested docs

README/reference should include a blunt note near Roles and grants:

PgQue roles are coarse database-level roles. They are intended for trusted applications/operators within the same database, not as per-queue tenant isolation. Do not grant pgque_writer to mutually untrusted apps unless you add your own schema/database isolation or future per-queue ACLs.

Also consider documenting recommended isolation patterns:

• separate databases per tenant/app
• separate PgQue installs/schemas if supported
• app-owned wrapper functions with restricted grants
• future per-queue ACL roadmap

Environment

Reviewed on main at 9b3f89f.

[NikolayS]

Fixed in PR #126 (commit fc3c2dd):

(a) Changes:

• docs/reference.md: New "Roles are global, not per-queue" subsection under "Roles and grants" — explicitly states:
  • pgque_reader has select on all tables in the schema (all queues)
  • pgque_writer can receive/ack/nack on any queue with any consumer name
  • No per-queue ACL, no per-tenant isolation built in (intentional design decision)
  • Recommended isolation patterns: separate databases, schema wrappers, app-owned functions
• README.md: Short "Roles are global, not per-queue" blunt note added to the Roles and grants section, linking to the reference for details

(b) Commit: fc3c2dd

(c) PR: #126