This repository has been archived by the owner on Nov 5, 2024. It is now read-only.

Add programmatic role generation (1:1 for database, schema, table) #10

Open
spyglass-software opened this issue Feb 25, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

spyglass-software commented Feb 25, 2023

Part of the Managed Roles feature.

Users should be able to define a high-level policy like: "For each schema, I want an admin, editor, and viewer role for all current and future tables".

Proposed YAML

spyglass:
  managedRoles:
    schema:
      objects: ["table"]

Resulting Roles

Example for a database acme with schemas production and staging:

create role acme.production_all_tables_admin;
grant all privileges on all tables in schema acme.production to role acme.production_all_tables_admin;

create role acme.production_all_tables_editor;
grant {select, insert, update, delete} on all tables in schema acme.production to role acme.production_all_tables_editor;
grant {select, insert, update, delete} on future tables in schema acme.production to role acme.production_all_tables_editor;

create role acme.production_all_tables_viewer;
grant select on all tables in schema acme.production to role acme.production_all_tables_viewer;
grant select on future tables in schema acme.production to role acme.production_all_tables_viewer;

create role acme.staging_all_tables_admin;
...
create role acme.staging_all_tables_editor;
...
create role acme.staging_all_tables_viewer;
...

...
@spyglass-software spyglass-software added the enhancement New feature or request label Feb 25, 2023
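
The generation this issue describes, sketched as an added example (not code from the spyglass project): it expands a database and its schemas into the role and grant statements listed above, with the `{select, insert, update, delete}` shorthand written out as a comma-separated list. The function names and the identifier check are assumptions; the check rejects any name that is not a plain unquoted identifier, so a schema name read from configuration cannot inject extra statements into the generated DDL.

```python
import re

# Privilege sets per tier, as listed in the issue.
TIERS = {
    "admin": ["all privileges"],
    "editor": ["select", "insert", "update", "delete"],
    "viewer": ["select"],
}
# The issue lists "future tables" grants for editor and viewer only,
# so this sketch emits exactly those and nothing more for admin.
FUTURE_TIERS = {"editor", "viewer"}

# Assumed rule: only plain unquoted identifiers are accepted. Anything else
# is rejected rather than quoted, so config input cannot alter the DDL.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$]*")


def _ident(name):
    if not _IDENT.fullmatch(name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name


def managed_role_statements(database, schemas, objects=("table",)):
    """Return DDL for one admin/editor/viewer role per schema and object type."""
    db = _ident(database)
    stmts = []
    for schema in schemas:
        sch = _ident(schema)
        for obj in objects:
            plural = _ident(obj) + "s"
            for tier, privs in TIERS.items():
                # Role naming follows the issue: <db>.<schema>_all_<objects>_<tier>
                role = f"{db}.{sch}_all_{plural}_{tier}"
                priv_list = ", ".join(privs)
                stmts.append(f"create role {role};")
                scopes = ["all"] + (["future"] if tier in FUTURE_TIERS else [])
                for scope in scopes:
                    stmts.append(
                        f"grant {priv_list} on {scope} {plural} "
                        f"in schema {db}.{sch} to role {role};"
                    )
    return stmts


if __name__ == "__main__":
    print("\n".join(managed_role_statements("acme", ["production", "staging"])))
```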