As a response to https://community.grafana.com/t/should-viewer-have-access-to-query-history-in-explore-menu/123023
This is not a critical security issue, but something to follow up on.
Results for Query History are returned via a GET to api/query-history - results are automatically filtered to be for the user who sent the request.
In Grafana's permission system, the "viewer" role is generally limited from accessing query information. They can see dashboards, but cannot edit them to see the queries generating the results, nor can they access Explore.
In the following scenario, a user in the viewer role would be able to access query data via query history:
- The user was formerly not in a viewer role, and ran queries in Explore
- The user noted the API call to get query history data
- The user was then changed to be viewer
- The user ran the API call before the query history cleanup was triggered (defaulting to 2 weeks), or they starred queries.
Actual Result: The user would see query data. They would only be able to access queries they had previously run.
Expected Result: The API call to get query history data should not return results if the user is in the viewer role.
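The reported gap and the expected behaviour side by side, as an added Go example that is not Grafana's own code: queryHistoryWeak filters only by the caller's user ID (the behaviour described above), while queryHistoryFixed first applies an assumed canUseExplore role check. The User and Role types and the single history row are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
)

// Role is the org role of the requesting user (constructed stand-in, not Grafana's own type).
type Role string

const (
	RoleViewer Role = "Viewer"
	RoleEditor Role = "Editor"
)

type User struct {
	ID   int64
	Role Role
}

// history is a constructed stand-in for the query-history table, keyed by user ID.
// User 7 saved a query while still an Editor and has since been demoted to Viewer.
var history = map[int64][]string{7: {`{"expr":"rate(http_requests_total[5m])"}`}}

// queryHistoryWeak reproduces the reported behaviour: rows are filtered by the
// caller's user ID only, so a demoted user still receives their old queries.
func queryHistoryWeak(u User) (int, []string) {
	return http.StatusOK, history[u.ID]
}

// canUseExplore is the assumed authorization predicate: Viewers cannot open
// Explore, so they should not read Explore's query history either.
func canUseExplore(u User) bool { return u.Role != RoleViewer }

// queryHistoryFixed applies the role check before the per-user filter, which is
// the expected result from the report.
func queryHistoryFixed(u User) (int, []string) {
	if !canUseExplore(u) {
		return http.StatusForbidden, nil
	}
	return http.StatusOK, history[u.ID]
}

func main() {
	demoted := User{ID: 7, Role: RoleViewer}
	code, rows := queryHistoryWeak(demoted)
	fmt.Println("weak :", code, rows) // 200 with the old row
	code, rows = queryHistoryFixed(demoted)
	fmt.Println("fixed:", code, rows) // 403 with no rows
}
```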