Remove JDBC connector allow-drop-table flag

[electrum]

Remove the legacy allow-drop-table flag. This defaulted to false, so this is a behavior change, but it was inconsistent since we didn't restrict any other operations. Users can enable security using https://trino.io/docs/current/security/built-in-system-access-control.html.

[kokosing]

% comment

[urbanfletch]

@electrum @findepi it looks like this change was approved. can it be merged?

[kokosing]

Thanks!

[kokosing]

See first commit of airlift/airlift#880

[findepi]

Remove the legacy allow-drop-table flag. This defaulted to false, so this is a behavior change, but it was inconsistent since we didn't restrict any other operations

Before the change, a user could not erase data easily, since we don't have DELETE support, and DROP TABLE was disabled.
A user could delete data by DROP COLUMN for every column.

Thus the data was not secured against a malicious user, acting intentionally, but was protected against a careless or irrepressible user.
Current default doesn't provide this protect.

I agree allow-all would be the more consistent default behavior from long term perspective. But maybe this is too late for this, and we need read-only as the default?

[willmostly]

@findepi IMO the connector level default should be allow-all, and any default restrictions should be applied at the system level. This reduces the potential for confusion.

[urbanfletch]

@findepi I agree with Will's assessment. Ranger is what the field is using - having multiple locations will confuse the issue and make things more complicated for us and the customer.