pgsql: RLS: Keep deny policy when only restrictive exist

RLS: Keep deny policy when only restrictive exist

Only remove the default deny policy when a permissive policy exists
(either from the hook or defined by the user).  If only restrictive
policies exist then no rows will be visible, as restrictive policies
shouldn't make rows visible.  To address this requirement, a single
"USING (true)" permissive policy can be created.

Update the test_rls_hooks regression tests to create the necessary
"USING (true)" permissive policy.

Back-patch to 9.5 where RLS was added.

Per discussion with Dean.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/dee0200f0276c0f9da930a2c926f90f5615f2d64

Modified Files
--------------
src/backend/rewrite/rowsecurity.c                        |   14 ++++++++++----
.../modules/test_rls_hooks/expected/test_rls_hooks.out   |    7 +++++++
src/test/modules/test_rls_hooks/sql/test_rls_hooks.sql   |    8 ++++++++
src/test/modules/test_rls_hooks/test_rls_hooks.c         |    5 +++++
4 files changed, 30 insertions(+), 4 deletions(-)