Now, one can specify a function name when configuring the lua_call
privilege to a user or role. If omitted, the privilege will grant
access to any global Lua function except for built-ins and stored
procedures. If specified, the privilege will be applied only to
the given function name, which may be a built-in, but still not
a stored procedure. The function doesn't need to be defined at the
time the privilege is granted.

Since global Lua functions aren't stored in the database and hence
have no numeric ids, we store string names in the _priv system table.
Fortunately, it's already allowed for entity access so we don't need
to update the system schema. The cached runtime access information
is stored in a global hash table. Entries in the hash table are created
on demand and removed if they store no grants.

Closes #9360

NO_DOC=updated doc ticket manually