ui: gate all statement bundle operations under VIEWACTIVITY

[xinhaoz]

Currently, requesting, viewing (downloading), and deleting statement bundle requests from DB console are all gated under different permissions:

• Request statement bundle - VIEWACTIVITY system privilege (this privilege is widely used across DB console features)
• Delete statement bundle - admin only, see db-console: users with VIEWACTIVITY privilege cannot cancel statement bundle requests #119475
• View/download requests - VIEWSYSTEMTABLE privilege

All of the above operations should be allowed with VIEWACTIVITY. One option is to create a VIEWACTIVITY gated view on top of the statement bundle table and an equivalent builtin to perform deletes. The alternative is to revert to using the grpc endpoints for statement bundles (this is likely preferred over creating new views and builtins).

This is technically a regression - prior to 23.1 we used the GRPC endpoint to perform stmt bundle operations from db-console, which only required VIEWACTIVITY. For 23.1+ we switched to use sql-over-http, which used incorrectly gated sql queries/functions (referenced above).

Jira issue: CRDB-37176