Limit Spark SQL queries to SELECT + FLINT commands when Lake Formation is enabled

[asuresh8]

When using Lake Formation, OpenSearch should limit the Spark SQL queries to only SELECT to limit the capability of users to escalate privilege beyond what Lake Formation actually grants the user.

This proposal includes 2 main pieces:

1. Define a more limited ANTLR grammar that restricts SQL grammar to only SELECT, COVERING INDEX, and MATERIALIZED VIEW
2. If Lake Formation is enabled, validate that SQL is restricted to that grammar.

[penghuo]

OSD - QueryExplorer use SHOW TABLE EXTENDED and SHOW DATABASES, is it ok to allowlist them for LF datasource?

[asuresh8]

We need to double check to make sure LF permissions are honored for those commands.

[asuresh8]

This change should be pretty similar to #2790, where a different grammar file needs to be used that scopes down SQL commands. The ANTLR generated lexer for that grammar should be used to validate the query and throw an exception if grammar that is not permitted is used.