
Fix PgRBACPlugin and pg-introspection understanding of owner permissions #1801

Merged
merged 9 commits into from
Oct 7, 2023

Conversation


@benjie benjie commented Oct 7, 2023

Description

Previously a non-superuser table owner would only be seen as having permissions to a table if that user had an explicit GRANT or REVOKE against it; in the absence of this, Postgres does not add an ACL entry for them, and thus we did not correctly reflect their permissions.

I've attempted to address this issue by emulating more of the PostgreSQL permissions system, but I know there are still gaps (for example if your role has been granted the role that is the owner of the table, and that owner has not been granted or revoked any explicit privileges, then we still won't see you as having permissions). Nonetheless, this PR should at least handle the common case of not having privileges in this case:

create role foo;                           -- non-superuser role that will own the table
create database foo owner foo;
\c foo                                     -- psql meta-command: reconnect to the new database
set role foo;                              -- act as the owner; no GRANT/REVOKE follows
create table foo (id serial primary key);  -- pg_class.relacl stays NULL for this table

Initially I overhauled the resolvePermissions API for this; but realising that this would both limit the ways that API could be used and also break existing users, I instead introduced an entityPermissions API.

Performance impact

Marginal during the gather phase.

Security impact

None known.

Checklist

  • My code matches the project's code style and yarn lint:fix passes.
  • I've added tests for the new feature, and yarn test passes.
  • I have detailed the new feature in the relevant documentation.
  • I have added this feature to 'Pending' in the RELEASE_NOTES.md file (if one exists).
  • If this is a breaking change I've explained why.
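To make the permission model described above concrete, here is an added example (not code from pg-introspection or graphile-build-pg) that emulates how PostgreSQL answers "does role X have privilege P on this table" when `pg_class.relacl` is NULL. It goes one step beyond the PR description: a NULL ACL is expanded to the implicit default (`owner=arwdDxt/owner`, nothing for PUBLIC) before membership is resolved, so a role that has been granted the owner role is also seen as privileged, which is the gap the description calls out. Assumptions, labelled in the code: the `grantee=privs/grantor` aclitem syntax with an empty grantee meaning PUBLIC, the default table privilege letters `arwdDxt`, inherited role membership (the Postgres default), and the constructed role/table sample at the bottom.

```typescript
// Added example: emulating PostgreSQL table-privilege resolution, including
// the implicit owner ACL that applies when pg_class.relacl is NULL.
// Assumptions: aclitem grammar "grantee=privs/grantor" ("" grantee = PUBLIC),
// default table privileges "arwdDxt", and inherited role membership.

type Privilege =
  | "SELECT" | "INSERT" | "UPDATE" | "DELETE"
  | "TRUNCATE" | "REFERENCES" | "TRIGGER";

// Single-letter codes as they appear inside an aclitem string.
const PRIV_CODES: Record<Privilege, string> = {
  SELECT: "r", INSERT: "a", UPDATE: "w", DELETE: "d",
  TRUNCATE: "D", REFERENCES: "x", TRIGGER: "t",
};

// What acldefault('r', owner) yields for a table: owner gets everything,
// PUBLIC gets nothing. This is what a NULL relacl means.
const DEFAULT_TABLE_PRIVS = "arwdDxt";

interface Role { name: string; superuser: boolean; memberOf: string[] }
interface Table { name: string; owner: string; relacl: string[] | null }
interface AclEntry { grantee: string; privs: string; grantor: string } // grantee "" = PUBLIC

// Parse one aclitem such as "foo=arwdDxt/foo" or "=r/foo" (PUBLIC).
// Grant-option markers ("*") are dropped; we only ask "has privilege".
function parseAclItem(item: string): AclEntry {
  const m = /^([^=]*)=([a-zA-Z*]*)\/(.+)$/.exec(item);
  if (!m) throw new Error(`malformed aclitem: ${item}`);
  const grantee = m[1] ?? "";
  const privs = (m[2] ?? "").replace(/\*/g, "");
  const grantor = m[3] ?? "";
  return { grantee, privs, grantor };
}

// The ACL Postgres actually evaluates: the explicit relacl, or the implicit
// owner-only default when relacl is NULL (no GRANT/REVOKE ever ran).
function effectiveAcl(table: Table): AclEntry[] {
  if (table.relacl === null) {
    return [{ grantee: table.owner, privs: DEFAULT_TABLE_PRIVS, grantor: table.owner }];
  }
  return table.relacl.map(parseAclItem);
}

// Transitive closure of role membership (the role itself included),
// assuming every role inherits (rolinherit = true, the default).
function rolesWithPrivsOf(roleName: string, roles: Map<string, Role>): Set<string> {
  const seen = new Set<string>();
  const stack = [roleName];
  while (stack.length > 0) {
    const r = stack.pop();
    if (r === undefined || seen.has(r)) continue;
    seen.add(r);
    for (const parent of roles.get(r)?.memberOf ?? []) stack.push(parent);
  }
  return seen;
}

function hasTablePrivilege(
  roleName: string, table: Table, priv: Privilege, roles: Map<string, Role>,
): boolean {
  const role = roles.get(roleName);
  if (!role) throw new Error(`unknown role ${roleName}`);
  if (role.superuser) return true; // superusers bypass ACLs entirely
  const code = PRIV_CODES[priv];
  const identities = rolesWithPrivsOf(roleName, roles);
  return effectiveAcl(table).some(
    (e) => (e.grantee === "" || identities.has(e.grantee)) && e.privs.includes(code),
  );
}

// Constructed sample (not real catalog data) mirroring the PR's reproduction:
// role foo owns table foo and never issued GRANT/REVOKE, so relacl is NULL.
// "bar" has been granted membership in foo; "baz" is unrelated; "postgres" is superuser.
const SAMPLE_ROLES = new Map<string, Role>([
  ["postgres", { name: "postgres", superuser: true, memberOf: [] }],
  ["foo", { name: "foo", superuser: false, memberOf: [] }],
  ["bar", { name: "bar", superuser: false, memberOf: ["foo"] }],
  ["baz", { name: "baz", superuser: false, memberOf: [] }],
]);
const SAMPLE_TABLE: Table = { name: "foo", owner: "foo", relacl: null };
```

The point a reviewer should take from this: `relacl IS NULL` is not "nobody has privileges", it is "only the owner (and whoever inherits from the owner) has privileges". The moment the owner runs any `GRANT` or `REVOKE` on the table, Postgres materialises the ACL (for example `foo=awdDxt/foo` after `REVOKE SELECT ... FROM foo`), and from then on the explicit entries are the whole truth, which is why an introspection tool must branch on NULL rather than treating it as an empty list.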


changeset-bot bot commented Oct 7, 2023

🦋 Changeset detected

Latest commit: a695945

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages
Name Type
graphile-build-pg Patch
postgraphile Patch
pg-introspection Patch
graphile-utils Patch
pgl Patch
graphile Patch


@benjie benjie merged commit d921ac0 into main Oct 7, 2023
24 checks passed
@benjie benjie deleted the fix-rbac branch October 7, 2023 17:04

1 participant