No superuser connection
Some GitLab database connections use a superuser role. This means RLS is ignored, because a superuser can access all data. We need to provide a convenient way to make the connection a non-superuser connection.
The focus of this issue is development and gitlab.com. Please create a follow-up issue for problems related to other platforms.
Some database operations will still need to run through superuser privileges.
In development we don't have to contend with PgBouncer, but we are operating at a very fundamental level, so we need to be careful.
Being able to toggle this through feature flags would be great.
We have to contend with existing legacy account configurations and with self-managed having override ability.
The answer might be creating a standard user role and then downgrading within the connection:
```sql
-- Switch to a less privileged role
SET ROLE regular_user;
-- Do your restricted operations
SELECT * FROM some_table;
-- Switch back to superuser
RESET ROLE;
-- or explicitly: SET ROLE superuser_name;

-- alternatively ...

-- Switch session to regular user
SET SESSION AUTHORIZATION regular_user;
-- Do restricted operations
SELECT * FROM some_table;
-- Switch back (only works if original user was superuser)
RESET SESSION AUTHORIZATION;
```
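A per-transaction form of the downgrade above, as an added example that is not part of the original issue or GitLab's own code: it uses `SET LOCAL ROLE` so the role change ends with the transaction, and shows RLS taking effect once the connection stops acting as superuser. The table, role, policy and `app.tenant_id` setting names are hypothetical and constructed for the demo.

```sql
-- Constructed demo objects; run as a superuser in a scratch database.
-- rls_demo_app, rls_demo_items and app.tenant_id are hypothetical names.
CREATE ROLE rls_demo_app NOLOGIN NOSUPERUSER NOBYPASSRLS;

CREATE TABLE rls_demo_items (
  id        bigint PRIMARY KEY,
  tenant_id bigint NOT NULL,
  title     text   NOT NULL
);
INSERT INTO rls_demo_items VALUES
  (1, 10, 'tenant 10 row'),
  (2, 20, 'tenant 20 row');

ALTER TABLE rls_demo_items ENABLE ROW LEVEL SECURITY;

-- Rows are visible only when tenant_id matches the per-transaction setting.
-- An unset or empty setting yields NULL, so the policy matches no rows.
CREATE POLICY tenant_isolation ON rls_demo_items
  USING (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::bigint);

GRANT SELECT ON rls_demo_items TO rls_demo_app;

-- 1. As superuser the policy is bypassed: every tenant's rows are readable.
SELECT current_user, id, tenant_id, title FROM rls_demo_items;

-- 2. Downgrade for the duration of one transaction only.
BEGIN;
SET LOCAL ROLE rls_demo_app;        -- current_user changes, session_user does not
SET LOCAL app.tenant_id = '10';     -- also reverts at COMMIT / ROLLBACK
-- The policy is now enforced because current_user is neither a superuser,
-- a BYPASSRLS role, nor the table owner.
SELECT current_user, session_user, id, tenant_id, title FROM rls_demo_items;
COMMIT;

-- 3. After COMMIT the connection is back at its original role without an
--    explicit RESET ROLE, so nothing is left behind on the connection.
SELECT current_user, session_user;

-- Cleanup of the constructed objects.
DROP TABLE rls_demo_items;
DROP ROLE rls_demo_app;
```

A session-level `SET ROLE` stays on the server connection until it is reset, which matters once PgBouncer hands that connection to another client in transaction pooling mode; `SET LOCAL` avoids that. Any statement in the session can still issue `RESET ROLE`, so this makes RLS apply to application queries but is not a barrier against injected SQL.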