- `SET DEFAULT ROLE xxx [FOR yyy]` should say:
  "User yyy has not been granted a role xxx" if:
    - The current user (not the user `yyy` in the FOR clause) can see the
    role xxx. It can see the role if:
      * role exists in `mysql.roles_mappings` (traverse the graph),
      * If the current user has read access on `mysql.user` table - in
    that case, it can see all roles, granted or not.
    - Otherwise it should be "Invalid role specification".

In other words, it should not be possible to use `SET DEFAULT ROLE` to discover whether a specific role exist or not.

Fixed a few failing tests

Added MAX_STATEMENT_TIME user variable to automaticly kill queries after a given time limit has expired.

- Added timer functions based on pthread_cond_timedwait
- Added kill_handlerton() to signal storage engines about kill/timeout
- Added support for GRANT ... MAX_STATEMENT_TIME=#
- Copy max_statement_time to current user, if stored in mysql.user
- Added status variable max_statement_time_exceeded
- Added KILL_TIMEOUT
- Removed digest hash from performance schema tests as they change all the time.
- Updated test results that changed because of the new user variables or new fields in mysql.user

This functionallity is inspired by work done by Davi Arnaut at twitter.
Test case is copied from Davi's work.

Documentation can be found at
https://kb.askmonty.org/en/how-to-limittimeout-queries/

mysql-test/r/mysqld--help.result:
  Updated for new help message
mysql-test/suite/perfschema/r/all_instances.result:
  Added new mutex
mysql-test/suite/sys_vars/r/max_statement_time_basic.result:
  Added testing of max_statement_time
mysql-test/suite/sys_vars/t/max_statement_time_basic.test:
  Added testing of max_statement_time
mysql-test/t/max_statement_time.test:
  Added testing of max_statement_time
mysys/CMakeLists.txt:
  Added thr_timer
mysys/my_init.c:
mysys/mysys_priv.h:
  Added new mutex and condition variables
  Added new mutex and condition variables
mysys/thr_timer.c:
  Added timer functions based on pthread_cond_timedwait()
  This can be compiled with HAVE_TIMER_CREATE to benchmark agains timer_create()/timer_settime()
sql/lex.h:
  Added MAX_STATEMENT_TIME
sql/log_event.cc:
  Safety fix (timeout should be threated as an interrupted query)
sql/mysqld.cc:
  Added support for timers
  Added status variable max_statement_time_exceeded
sql/share/errmsg-utf8.txt:
  Added ER_QUERY_TIMEOUT
sql/signal_handler.cc:
  Added support for KILL_TIMEOUT
sql/sql_acl.cc:
  Added support for GRANT ... MAX_STATEMENT_TIME=#
  Copy max_statement_time to current user
sql/sql_class.cc:
  Added timer functionality to THD.
  Added thd_kill_timeout()
sql/sql_class.h:
  Added timer functionality to THD.
  Added KILL_TIMEOUT
  Added max_statement_time variable in similar manner as long_query_time was done.
sql/sql_connect.cc:
  Added handling of max_statement_time_exceeded
sql/sql_parse.cc:
  Added starting and stopping timers for queries.
sql/sql_show.cc:
  Added max_statement_time_exceeded for user/connects status in MariaDB 10.0
sql/sql_yacc.yy:
  Added support for GRANT ... MAX_STATEMENT_TIME=# syntax, to be enabled in 10.0
sql/structs.h:
  Added max_statement_time user resource
sql/sys_vars.cc:
  Added max_statement_time variables
mysql-test/suite/roles/create_and_drop_role_invalid_user_table.test
  Removed test as we require all fields in mysql.user table.
scripts/mysql_system_tables.sql
scripts/mysql_system_tables_data.sql
scripts/mysql_system_tables_fix.sql
  Updated mysql.user with new max_statement_time field

Only allow NONE instead of a role name in SET ROLE.
Don't allow PUBLIC as a role name anywhere (to be fixed later)
Fix db_access calculations on SET ROLE
Reduce the size of role_grants and parent_grantee per-user/role arrays.
Fix the wording and specify the correct sqlstate for ER_INVALID_ROLE

mainly to avoid the pattern of
* get username/hostname/rolename
* optionally find the corresponding ACL_USER and ACL_ROLE
* allocate memory, concatenate username/hostname/rolename
* call a function passing only this memory as an argument
** use concatenated username/etc to find ACL_USER and ACL_ROLE again
** do something
* free the object

Also to undo push_dynamic we use pop_dynamic now,
not a linear search/scan through the dynamic array.

as a bonus, role@ is now an invalid way to refer to a role.

than an empty host '' is the same as any-host wildcard '%'.

Replace '' with '%' in the parser (for GRANT ... foo@'') and when loading grant tables.

Side effect: one cannot have foo@'' and foo@'%' both at the same time
(but one can have foo@'%' and foo@'%%')

Also updated tests to reflect new show grants functionality.

Fixed possible failing condition due to different order of table rows