[4.x] Make forcing RLS configurable

[lukinovec]

This PR adds the $forceRls static property to the tenants:rls command.

If $forceRls is true (default), the table owners won't be able to query their own tables (unless the owners have the BYPASSRLS privilege). If the property is set to false, table owners will bypass RLS, allowing them to query the owned tables.

(follow up on #1288)

---

Additional context:

• By default we expect the central user to have the BYPASSRLS perm
• If that's not the case, this setting can be set to false and everything should still work normally — table owners bypass RLS by virtue of being table owners
• When forceRls is true, table owners do not automatically bypass RLS policies unless they have the BYPASSRLS perm
• In custom setups where additional users may be involved, or the central user isn't the user creating tables, additional care should be taken when customizing this
• The setting is true by default for more safety (even if in the most standard cases there's no change in behavior regardless of how this setting is configured)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.71%. Comparing base (e74e1f9) to head (3c6e5b3).
Report is 1 commits behind head on may25.

Additional details and impacted files

@@            Coverage Diff            @@
##              may25    #1293   +/-   ##
=========================================
  Coverage     84.71%   84.71%           
- Complexity     1078     1079    +1     
=========================================
  Files           178      178           
  Lines          3120     3121    +1     
=========================================
+ Hits           2643     2644    +1     
  Misses          477      477           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[TheDeadCode]

Any news on this? <3

[Copilot]

Pull Request Overview

This PR adds the configurable static property $forceRls to control whether table owners bypass RLS policies and updates tests to validate the behavior with different RLS configurations.

• Introduces the $forceRls property in CreateUserWithRLSPolicies to force RLS policy enforcement.
• Updates tests in TraitManagerTest, TableManagerTest, and PolicyTest to account for configurable RLS behavior using additional test parameters.
• Adds new tests to verify that even table owners and users without BYPASSRLS privilege are correctly affected when forceRls is enabled.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
tests/RLS/TraitManagerTest.php	Updated test signatures and configuration for testing implicit RLS and forceRls behavior.
tests/RLS/TableManagerTest.php	Modified tests to include RLS forcing scenarios and added comprehensive tests for RLS logic.
tests/RLS/PolicyTest.php	Revised tests to incorporate forceRls parameter and validate tenant session variable failures.
src/Commands/CreateUserWithRLSPolicies.php	Introduced the $forceRls property with documentation and corresponding logic in the command.