Add untrusted set_user and superuser whitelist
This patch adds two new functionalities:
- Distinguish between superuser escalation and normal set_user through use of
the 'set_user_u' function. - Add granular control over which PostgreSQL roles can escalate to
superuser.
Previously, we relied on only the Block_SU GUC to toggle all superuser
escalation privileges.