pgsql: Fix mishandling of column-level SELECT privileges for join alias

Fix mishandling of column-level SELECT privileges for join aliases.

scanNSItemForColumn, expandNSItemAttrs, and ExpandSingleTable would
pass the wrong RTE to markVarForSelectPriv when dealing with a join
ParseNamespaceItem: they'd pass the join RTE, when what we need to
mark is the base table that the join column came from.  The end
result was to not fill the base table's selectedCols bitmap correctly,
resulting in an understatement of the set of columns that are read
by the query.  The executor would still insist on there being at
least one selectable column; but with a correctly crafted query,
a user having SELECT privilege on just one column of a table would
nonetheless be allowed to read all its columns.

To fix, make markRTEForSelectPriv fetch the correct RTE for itself,
ignoring the possibly-mismatched RTE passed by the caller.  Later,
we'll get rid of some now-unused RTE arguments, but that risks
API breaks so we won't do it in released branches.

This problem was introduced by commit 9ce77d75c, so back-patch
to v13 where that came in.  Thanks to Sven Klemm for reporting
the problem.

Security: CVE-2021-20229

Branch
------
REL_13_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/d525fbcfd167b28818301d0a2d3548ae6a744588

Modified Files
--------------
src/backend/parser/parse_relation.c      | 43 ++++++++++++++---------------
src/backend/parser/parse_target.c        |  8 ++++--
src/test/regress/expected/privileges.out | 46 ++++++++++++++++++++++++++++++++
src/test/regress/sql/privileges.sql      | 19 +++++++++++++
4 files changed, 93 insertions(+), 23 deletions(-)