Remove the row_security=force GUC value.

 Remove the row_security=force GUC value.
 
 Every query of a single ENABLE ROW SECURITY table has two meanings, with
 the row_security GUC selecting between them.  With row_security=force
 available, every function author would have been advised to either set
 the GUC locally or test both meanings.  Non-compliance would have
 threatened reliability and, for SECURITY DEFINER functions, security.
 Authors already face an obligation to account for search_path, and we
 should not mimic that example.  With this change, only BYPASSRLS roles
 need exercise the aforementioned care.  Back-patch to 9.5, where the
 row_security GUC was introduced.
 
 Since this narrows the domain of pg_db_role_setting.setconfig and
 pg_proc.proconfig, one might bump catversion.  A row_security=force
 setting in one of those columns will elicit a clear message, so don't.