pgsql: Prohibit transaction commands in security definer procedures

Prohibit transaction commands in security definer procedures

Starting and aborting transactions in security definer procedures
doesn't work.  StartTransaction() insists that the security context
stack is empty, so this would currently cause a crash, and
AbortTransaction() resets it.  This could be made to work by
reorganizing the code, but right now we just prohibit it.

Reported-by: amul sul <sulamul@gmail.com>
Discussion:
https://www.postgresql.org/message-id/flat/CAAJ_b96Gupt_LFL7uNyy3c50-wbhA68NUjiK5%3DrF6_w%3Dpq_T%3DQ%40mail.gmail.com

Branch
------
REL_11_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/3804e89bd0e94fb412d3eecb2113cc97e0f7310b

Modified Files
--------------
doc/src/sgml/ref/create_procedure.sgml              |  6 ++++++
src/backend/commands/functioncmds.c                 |  9 +++++++++
src/pl/plpgsql/src/expected/plpgsql_transaction.out | 12 ++++++++++++
src/pl/plpgsql/src/sql/plpgsql_transaction.sql      | 13 +++++++++++++
4 files changed, 40 insertions(+)