
[4.x] Add DisallowSqliteAttach feature #1283

Merged
merged 49 commits into from
Jan 4, 2025

Conversation


@stancl stancl commented Jan 2, 2025

This PR adds a new Feature class to the package: DisallowSqliteAttach.

The feature serves as the SQLite version of our permission controlled DB managers — it limits the impact of a potential SQL injection by making it impossible to connect to other databases.

In SQLite, this is done via the ATTACH statement. SQLite can be compiled without it, but all setups I've checked had ATTACH enabled in the libsqlite3 shipped with PHP. The other way to disable ATTACH is to use an authorizer, which is what this PR does. PHP 8.4 added driver-specific PDO subclasses, which means we may eventually get Pdo\Sqlite::setAuthorizer(), but until we do, we can use Pdo\Sqlite::loadExtension() (also a compile-time option, but all PHP setups I've tested support it). We check for the presence of that method at runtime in this feature.

From what I've tested, it seems exploiting a SQL injection in a way that'd let you use ATTACH requires many stars to align:

  1. You need to be able to run SQL injection on two separate SQL statements
  2. You need control over the very beginning of one of those statements. This is thanks to PDO only executing the first passed statement and discarding everything else which makes these attacks much less likely.

Nevertheless, for feature parity I'm happy to have this for SQLite. It does come at a small cost:

  • More complexity since this is an actual compiled (DLL) extension. We need to ship a version for every common OS + architecture
  • This now adds ~230K to the tenancy bundle size. I could extract this to a separate package but don't really feel like doing so. For comparison, just the src/Events directory which contains zero actual logic is ~200K.

TODO: Confirm that all library files work:

  • noattach.dylib locally via Rosetta
  • arm/noattach.dylib locally
  • arm/noattach.so locally in Docker
  • noattach.so in CI tests
  • noattach.dll in a VM
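The authorizer approach described above, as an added example that is not the PR's extension: Python's standard sqlite3 module exposes set_authorizer directly (the PHP side lacks it, which is why the PR ships a compiled extension), so the same policy can be shown in a few lines. Denying only SQLITE_ATTACH leaves ordinary reads and writes untouched; the tenants table and its row are constructed sample data.

```python
import sqlite3


def deny_attach(action, arg1, arg2, db_name, trigger_or_view):
    """Authorizer callback. SQLite calls it once per operation while it
    compiles a statement; returning SQLITE_DENY makes the prepare fail
    with "not authorized". Only ATTACH is refused; everything else passes."""
    if action == sqlite3.SQLITE_ATTACH:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def open_hardened(path=":memory:"):
    """Open a connection, seed constructed sample data, then install the
    authorizer so every later statement (including injected ones) is
    checked before it runs."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE tenants (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO tenants (name) VALUES ('acme')")
    conn.set_authorizer(deny_attach)
    return conn


def try_sql(conn, sql):
    """Run one statement and report ('ok', rows) or ('denied', message).
    SQLITE_AUTH surfaces as sqlite3.DatabaseError in the Python binding."""
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    db = open_hardened()
    # Normal tenant queries keep working under the authorizer.
    print(try_sql(db, "SELECT name FROM tenants"))
    # An injected ATTACH can no longer reach a second database file.
    print(try_sql(db, "ATTACH DATABASE ':memory:' AS other"))
```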


codecov bot commented Jan 2, 2025

Codecov Report

Attention: Patch coverage is 78.57143% with 6 lines in your changes missing coverage. Please review.

Project coverage is 84.71%. Comparing base (abe1f1f) to head (69067ed).
Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
src/Features/DisallowSqliteAttach.php 78.57% 6 Missing ⚠️
@@             Coverage Diff              @@
##             master    #1283      +/-   ##
============================================
- Coverage     84.74%   84.71%   -0.03%     
- Complexity     1025     1035      +10     
============================================
  Files           174      175       +1     
  Lines          3015     3043      +28     
============================================
+ Hits           2555     2578      +23     
- Misses          460      465       +5     


@stancl stancl merged commit a88a42f into master Jan 4, 2025
@stancl stancl deleted the sqlite-noattach branch January 4, 2025 14:34