
[feature](privilege) Support su user and add admin_readonly role #60858

Open
seawinde wants to merge 2 commits into apache:master from seawinde:support_su_feature
@seawinde
Member

What problem does this PR solve?

Overview

  • admin_readonly is a built‑in role created at startup. It grants global read privileges (SELECT + SHOW VIEW) and is registered by the role manager.
  • SU is implemented as a command that switches the current session user and sets an explicit role override list. It requires the current user to be root; otherwise it throws.

Role resolution flow

  • When privileges are checked, the system builds a PrivilegeContext for the current session. If currentRoles is set on the session and the current user matches, that set is used for role resolution; otherwise the user’s default roles are used.
  • Role resolution can also include LDAP roles when LDAP auth is enabled.

How admin_readonly affects behavior

  • If the resolved role set contains admin_readonly, some “read‑only admin” shortcuts kick in:
    • SHOW RESOURCES is allowed.
    • SHOW WORKLOAD GROUP is allowed.
    • Process list visibility is expanded (both local and RPC paths check for admin_readonly).

How SU interacts with admin_readonly

  • SU sets currentRoles explicitly. If admin_readonly is in that list (or comes from LDAP/local roles depending on resolution rules), the session gains the read‑only admin behaviors above.
  • If SU specifies no roles, the current code falls back to the target user’s local roles (and then merges LDAP roles). So “no roles” does not mean “no privileges” by default.

Issue Number: close #xxx

Related PR: #xxx

Problem Summary:

Release note

None

Check List (For Author)

  • Test

    • Regression test
    • Unit Test
    • Manual test (add detailed scripts or steps below)
    • No need to test or manual test. Explain why:
      • This is a refactor/code format and no logic has been changed.
      • Previous test can cover this change.
      • No code files have been changed.
      • Other reason
  • Behavior changed:

    • No.
    • Yes.
  • Does this need documentation?

    • No.
    • Yes.

Check List (For Reviewer who merge this PR)

  • Confirm the release note
  • Confirm test cases
  • Confirm document
  • Add branch pick label
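
A small Python model of the role resolution and SU behaviour described in the PR description above, added here as an illustration; it is not code from the PR or from Apache Doris. `Session`, `su`, `resolve_roles`, `is_readonly_admin`, `audit` and the sample users and roles are hypothetical, and the model assumes the no-roles fallback is applied at SU time and that LDAP roles are merged on top of an explicit override.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ADMIN_READONLY = "admin_readonly"

# Constructed sample data, not taken from the PR.
LOCAL_ROLES = {"alice": {"analyst", ADMIN_READONLY}, "bob": {"analyst"}}
LDAP_ROLES = {"bob": {ADMIN_READONLY}}

@dataclass(frozen=True)
class Session:
    user: str
    override_user: Optional[str] = None             # user the override was set for
    current_roles: Optional[FrozenSet[str]] = None  # explicit role override list

def su(session, target, roles=()):
    """Switch the session user; only root may do this."""
    if session.user != "root":
        raise PermissionError("SU requires the current user to be root")
    # Assumption: an empty role list falls back to the target's local roles.
    chosen = frozenset(roles) or frozenset(LOCAL_ROLES.get(target, ()))
    return Session(target, target, chosen)

def resolve_roles(session, ldap_enabled=False):
    """Role set a privilege check would use for this session."""
    if session.current_roles is not None and session.override_user == session.user:
        roles = set(session.current_roles)
    else:
        roles = set(LOCAL_ROLES.get(session.user, ()))
    if ldap_enabled:
        # Assumption: LDAP roles are merged even when an override is set.
        roles |= LDAP_ROLES.get(session.user, set())
    return roles

def is_readonly_admin(session, ldap_enabled=False):
    """True when the SHOW RESOURCES / SHOW WORKLOAD GROUP shortcut applies."""
    return ADMIN_READONLY in resolve_roles(session, ldap_enabled)

def audit():
    """Cases a reviewer would want pinned down by regression tests."""
    root = Session("root")
    return {
        "explicit_narrow": is_readonly_admin(su(root, "alice", ["analyst"])),
        "no_roles_fallback": is_readonly_admin(su(root, "alice")),
        "ldap_readds": is_readonly_admin(su(root, "bob", ["analyst"]), ldap_enabled=True),
        "ldap_off": is_readonly_admin(su(root, "bob", ["analyst"])),
    }
```

In this model, `no_roles_fallback` and `ldap_readds` are the cases where a caller who meant to narrow privileges still ends up with the read-only admin shortcuts.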

@hello-stephen
Contributor

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@seawinde
Member Author

run buildall

@doris-robot

Cloud UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 79.33% (1796/2264)
Line Coverage 64.77% (31994/49393)
Region Coverage 65.46% (15962/24383)
Branch Coverage 55.97% (8489/15168)

@doris-robot

TPC-H: Total hot run time: 28935 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 88456007a786c5de9ced008f6d9b73027e211814, data reload: false

------ Round 1 ----------------------------------
Total cold run time: 101670 ms
Total hot run time: 28935 ms

----- Round 2, with runtime_filter_mode=off -----
Total cold run time: 48615 ms
Total hot run time: 46068 ms

@doris-robot

TPC-DS: Total hot run time: 184196 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 88456007a786c5de9ced008f6d9b73027e211814, data reload: false

Total cold run time: 254589 ms
Total hot run time: 184196 ms

@hello-stephen
Contributor

BE UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 52.51% (19566/37259)
Line Coverage 36.17% (182807/505432)
Region Coverage 32.51% (141937/436581)
Branch Coverage 33.45% (61514/183877)

@hello-stephen
Contributor

BE Regression && UT Coverage Report

Increment line coverage 100% (0/0) 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 71.46% (26079/36494)
Line Coverage 54.27% (273499/503941)
Region Coverage 51.60% (227430/440761)
Branch Coverage 53.01% (97790/184469)

@seawinde
Member Author

run buildall

@hello-stephen
Contributor

FE UT Coverage Report

Increment line coverage 70.68% (176/249) 🎉
Increment coverage report
Complete coverage report

@hello-stephen
Contributor

Cloud UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 79.33% (1796/2264)
Line Coverage 64.82% (32017/49393)
Region Coverage 65.49% (15969/24383)
Branch Coverage 55.99% (8493/15168)

@doris-robot

TPC-H: Total hot run time: 30213 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit af2f7793497388db4ece2f9fcfc46b667fef3fb2, data reload: false

------ Round 1 ----------------------------------
Total cold run time: 102584 ms
Total hot run time: 30213 ms

----- Round 2, with runtime_filter_mode=off -----
Total cold run time: 52859 ms
Total hot run time: 48746 ms

@doris-robot

TPC-DS: Total hot run time: 183451 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit af2f7793497388db4ece2f9fcfc46b667fef3fb2, data reload: false

Total cold run time: 255277 ms
Total hot run time: 183451 ms

@hello-stephen
Contributor

BE UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 52.54% (19584/37275)
Line Coverage 36.18% (182878/505484)
Region Coverage 32.47% (141802/436783)
Branch Coverage 33.45% (61517/183911)

@hello-stephen
Contributor

BE Regression && UT Coverage Report

Increment line coverage 100% (0/0) 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 73.30% (26759/36508)
Line Coverage 56.61% (285331/503990)
Region Coverage 54.11% (238586/440959)
Branch Coverage 55.72% (102809/184503)
