* chore: Rewrite rbac rego -> SQL clause
Previous code was challenging to read with edge cases
- bug: OrgAdmin could not make new groups
- Also refactor some function names
* fix: RBAC should default deny missing variables.
The default behavior was to use 'true' for missing variables. This
was an incorrect assumption. If the variable is missing, the new
default is to deny (fail secure).
* Assert 1 workspace is returned for the owners
* feat: Convert rego queries into SQL clauses
* Fix postgres quotes to single quotes
* Ensure all test cases can compile into SQL clauses
* Do not export extra types
* Add custom query with rbac filter
* First draft of a custom authorized db call
* Add comments + tests
* Support better regex style matching for variables
* Handle jsonb arrays
* Remove auth call on workspaces
* Fix PG endpoints test
* Match psql implementation
* Add some comments
* Remove unused argument
* Add query name for tracking
* Handle nested types
This solves it without proper types in our AST.
Might bite the bullet and implement some better types
* Add comment
* Renaming function call to GetAuthorizedWorkspaces
