[RBAC] cache the roles data

[flaneur2020]

Tracking issue

#2793

Summary

https://github.com/datafuselabs/databend/pull/3710/files#r776930739

some ideas:

• seperate a PrivilegeManager which responsible of cache all the privileges from roles, and current user
• factor out the privilege check logic to PrivilegeManager instead of UserGrantSet, or move UserGrantSet out of meta types, leave the metadata types plain data objects.

[BohuTANG]

Because we have the grant sets in the UserInfo now:
https://github.com/datafuselabs/databend/blob/46b89bbac5d60eee9fa7e5679906d02ad2e6f579/query/src/sessions/session_status.rs#L36

Why we still need a PrivilegeManager?

[flaneur2020]

after introducing RBAC, validate_privilege needs not only the infomation from the user's grant set, but also the grant sets of the roles. thus there might need some place to access ALL the roles' grant sets to compute an user's effective grant set, which is a sum of:

• the privileges which directly granted to the user
• the privileges which granted to user's roles

a PrivilegeManager can help cache the privileges from the roles, it would not be useful without RBAC in front.

[flaneur2020]

this issue has a lower privilege than the issue about RBAC design. it might be a step in the RBAC implementation.