- Now we explicitly store the current & target vshard configuration in
  global storage

Follow-up for bfe08313

Also fix some docstrings

This patch changes the way audit records are formatted. Previously
we would format them as plain strings (we still do that in tlog),
now we use json to store all KV pairs including the message.

TODO: optimize string allocations using a stream formatter.

Example:

```
{
  "time": "2023-11-16T22:48:08.297+0300",
  "level": "WARN",
  "auth_type": "chap-sha1",
  "message": "created user `idris`",
  "title": "create_user",
  "pid": 66625,
  "cord_name": "main",
  "fiber_id": 111,
  "fiber_name": "raft_main_loop",
  "file": "src/storage.rs",
  "line": 2633
}
```

This is useful to avoid sorting during snapshot preparation and in
upcoming access control patch it simplifies the check whether a
particular space id belongs to system space id range.

This patch implements an `--audit` flag (disabled by default) which
gives user the ability to enable and configure the audit log. The
flag takes a string containing the mode and parameters needed to
initialize tarantool's logging machinery.

See the flag's documentation for more info.

Example:

```
picodata run --interactive --audit=/tmp/audit.log
```

Dmitry Ivanov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

Implemented:

- features:
    * FFI wrappers for `say.{h,c}`
    * safe logger object on top of FFI definitions
    * unified tlog/audit definitions for formatting
    * fixed a needless allocation in tlog (new root per each line)

- events:
    * create_user
    * drop_user
    * create_role
    * drop_role
    * change_password
    * grant_privilege
    * revoke_privilege
    * create_table
    * drop_table
    * grant_role
    * revoke_role

Todo:

- features:
    * unique id generation
    * security subject (who executed the action)
    * audit configuration (via `pico.audit` function)

- well-defined events:
    * create_database (universe)
    * change_config
    * change_current_grade

- special events (local to each node):
    * auth_ok / auth_fail
    * access_denied (still not sure if we absolutely need that)
    * audit_rotate

- Unavailable (haven't been defined yet):
    * rename_user
    * create_procedure
    * drop_procedure

Example:

```
$ cat /tmp/audit.log
2023-11-10 12:07:19.457 [15735] main/103/interactive I> audit log is ready, title: initialize_audit
2023-11-10 12:07:19.457 [15735] main/103/interactive I> database is starting, title: startup
2023-11-10 12:07:19.818 [15741] main/103/interactive I> audit log is ready, title: initialize_audit
2023-11-10 12:07:19.818 [15741] main/103/interactive I> database is starting, title: startup
2023-11-10 12:07:34.910 [15741] main/111/raft_main_loop storage.rs:2809 W> created user `KEK`, auth_type: chap-sha1, title: create_user
2023-11-10 12:07:52.869 [15741] main/111/raft_main_loop storage.rs:2861 W> created role `mgr`, title: create_role
2023-11-10 12:07:55.602 [15741] main/111/raft_main_loop storage.rs:2861 W> created role `kek`, title: create_role
2023-11-10 12:07:57.594 [15741] main/111/raft_main_loop storage.rs:2906 W> granted role `mgr` to role `kek`, title: grant_role
2023-11-10 12:08:08.482 [15741] main/111/raft_main_loop storage.rs:2913 W> granted privilege execute on universe `` to role `kek`, title: grant_privilege
```

Kurdakov Alexander authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

pico.whoami() returns new field tier

Transferred replication factor from Properties table to new Tier table

Instance and Replicaset belongs to tier via new field tier in _pico_instance and _pico_replicaset

New cli option init-cfg with path to configuration file in yaml format. For now contains only info about tiers.

Was changed in this commit:
https://git.picodata.io/picodata/picodata/picodata/-/commit/4b3b1650423e83724dc8915a0d5bb0c643c31a80

I believe this change was introduced by mistake (most probably because
of bulk rename)

BREAKING CHANGE!:
- pico.trace() function was removed. Use pico.sql() for tracing;
- opentelemetry tables __SBROAD_STAT and __SBROAD_QUERY were renamed
  into _SQL_STAT and _SQL_QUERY tables.

Introduce enrypoints for extended PG protocol:

- pg_bind: bind parameters to portal (IR) by descriptor;
- pg_close: remove portal from the storage by descriptor;
- pg_describe: get the portal metadata and type by descriptor;
- pg_execute: execute portal by descriptor;
- pg_parse: parse an SQL pattern into IR (reusing LRU),
  save IR into portal storage and return the descriptor;
- pg_portals: get a list of portal descriptors visible
  to the current user;

Co-authored-by: Kaitmazian Maksim <m.kaitmazian@picodata.io>