Added bool return value to RequireSuperUser function

[mgm702]

Hello, I'm looking to make a contribution to your codebase. I was able to find a relatively simple issue that I can tackle (#32662). I've made the changes for the RequireSuperUser function and if this is still needed in the codebase I'd love to help with that.

[cockroach-teamcity]

This change is 

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[RaduBerinde]

Hi and thank you for you contribution!

The new interface doesn't really solve the problem. If I get false and an error, is it because I'm not superuser or is it because some other error was hit? I think the interface should return false and no error if we are not super user. (and the name should be changed to something like IsSuperUser). For the common use-case we can have a shared RequireSuperUser wrapper which only returns an error and generates the "insufficient privilege" error as needed.

Reviewable status: complete! 0 of 0 LGTMs obtained

[knz]

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @knz and @mgm702)

---

pkg/ccl/roleccl/role.go, line 74 at r1 (raw file):

	}

	if _, err := p.RequireSuperUser(ctx, "grant role"); err != nil {

This is an example of what Radu explained: in this code block, the err object returned by RequireSuperUser is silently dropped. This code block (and others) should:

1. test the error; if non-nil, always return the error
2. if no error, test the boolean
3. only if the boolean is true (the user is a super-user) do the privileged operation

Also, if the function merely tests whether the user is a super-user, the name RequireSuperUser is not appropriate any more. I think the name IsSuperUser would be better.

[Gurio]

@mgm702: do you plan to continue on that task? otherwise I could take over