Add security checks to the multivariate MCV estimation code.

 Add security checks to the multivariate MCV estimation code.
 
 The multivariate MCV estimation code may run user-defined operators on
 the values in the MCV list, which means that those operators may
 potentially leak the values from the MCV list. Guard against leaking
 data to unprivileged users by checking that the user has SELECT
 privileges on the table or all of the columns referred to by the
 statistics.
 
 Additionally, if there are any securityQuals on the RTE (either due to
 RLS policies on the table, or accessing the table via a security
 barrier view), not all rows may be visible to the current user, even
 if they have table or column privileges. Thus we further insist that
 the operator be leakproof in this case.
 
 Dean Rasheed, reviewed by Tomas Vondra.
 
 Discussion: https://postgr.es/m/CAEZATCUhT9rt7Ui=Vdx4N==VV5XOK5dsXfnGgVOz_JhAicB=ZA@mail.gmail.com