pgsql: Make relation-enumerating operations be security-restricted oper

Make relation-enumerating operations be security-restricted operations.

When a feature enumerates relations and runs functions associated with
all found relations, the feature's user shall not need to trust every
user having permission to create objects.  BRIN-specific functionality
in autovacuum neglected to account for this, as did pg_amcheck and
CLUSTER.  An attacker having permission to create non-temp objects in at
least one schema could execute arbitrary SQL functions under the
identity of the bootstrap superuser.  CREATE INDEX (not a
relation-enumerating operation) and REINDEX protected themselves too
late.  This change extends to the non-enumerating amcheck interface.
Back-patch to v10 (all supported versions).

Sergey Shinderuk, reviewed (in earlier versions) by Alexander Lakhin.
Reported by Alexander Lakhin.

Security: CVE-2022-1552

Branch
------
REL_11_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/48ca2904c11d4293ec0bed1625259b2e4ef550cc

Modified Files
--------------
contrib/amcheck/expected/check_btree.out | 23 ++++++++++
contrib/amcheck/sql/check_btree.sql      | 21 +++++++++
contrib/amcheck/verify_nbtree.c          | 28 +++++++++++
src/backend/access/brin/brin.c           | 30 +++++++++++-
src/backend/catalog/index.c              | 41 ++++++++++++-----
src/backend/commands/cluster.c           | 35 +++++++++++---
src/backend/commands/indexcmds.c         | 79 +++++++++++++++++++++++++++++++-
src/backend/utils/init/miscinit.c        | 24 ++++++----
src/test/regress/expected/privileges.out | 63 +++++++++++++++++++++++++
src/test/regress/sql/privileges.sql      | 47 +++++++++++++++++++
10 files changed, 361 insertions(+), 30 deletions(-)