Describe the proposal

Gravitino unified authorization will use multiple authorization plugins for different catalogs. For relational catalogs, they usually supports GRANT/REVOKE SQL to authorize.
The plugin will support use SQL to authorize. In Gravitino, we have three kinds of relational catalog.

1. Hive catalog: a big data typical data catalog. Maybe we should use Hive client to execute the SQL.
2. Jdbc catalogs: MySQL, PostSQL and etc , they use Jdbc library to execute SQL.
3. Lakehouse catalogs: Iceberg,Hudi,Paimon have different backends. They may need different implement for different backends.

I will draft a design document first.

Task list

• [Subtask] Underlying data source authorization privilege abstract #5665
• [Subtask] Relational chained authorization plugin #5675
• Design document https://docs.google.com/document/d/1nkNd7edVjP7Nx4Avv0nV08jsVqfX5dsWob0RJD-pzL0/edit?tab=t.0'
• Add the SQL-Based authorization plugin interface
• Support Hive SQL-Based authorization plugin