feat: unify the managment of privileges for the iceberg sink, source and table

[yezizp2012]

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

Part of #21863 .

Checklist

• I have written necessary rustdoc comments.
• I have added necessary unit tests and integration tests.
• I have added test labels as necessary.
• I have added fuzzing tests or opened an issue to track them.
• My PR contains breaking changes.
• My PR changes performance-critical code, so I will run (micro) benchmarks and present the results.
• I have checked the Release Timeline and Currently Supported Versions to determine which release branches I need to cherry-pick this PR into.

Documentation

• My PR needs documentation updates.

Release note

[Copilot]

Pull request overview

This PR unifies the management of privileges for Iceberg sinks, sources, and internal tables. When privileges are granted or revoked on an Iceberg table, the changes now automatically propagate to the associated __iceberg_sink_* and __iceberg_source_* objects, ensuring consistent access control across all related components.

Key changes:

• Added get_iceberg_related_object_ids() function to identify associated Iceberg sink, source, and internal table objects
• Modified privilege grant/revoke logic to automatically include Iceberg-related objects when granting SELECT privileges
• Updated default privilege handling to skip auto-granting for internal Iceberg sinks and sources
• Fixed internal table ACL display to not show default privileges

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/meta/src/controller/utils.rs	Adds get_iceberg_related_object_ids() function and integrates it into default privilege granting logic to automatically handle Iceberg sink/source privileges
src/meta/src/controller/user.rs	Updates grant_privilege() and revoke_privilege() to automatically handle privileges for Iceberg-related objects when granting/revoking on Iceberg tables
src/meta/src/controller/streaming_job.rs	Adds conditional logic to skip default privilege granting for Iceberg sinks and indexes using need_grant_default_privileges flag
src/meta/src/controller/catalog/create_op.rs	Refactors source creation flow to conditionally grant default privileges only for non-Iceberg sources
src/frontend/src/catalog/system_catalog/rw_catalog/rw_internal_tables.rs	Changes ACL display for internal tables from showing default privileges to actual privileges
e2e_test/ddl/iceberg_privilege.slt	Adds comprehensive e2e test coverage for Iceberg privilege management, testing grant, revoke, and default privileges scenarios

[chenzl25]

LGTM