(core) Fix exports to CSV/XLSX/etc when data is restricted by access rules

Summary:
- The issue manifested as error "Cannot read property '0' of undefined" in some
  cases, and as "Blocked by table read access rules" in others (instead of
  limiting output to what's not blocked)
- Goes deeper: exports weren't respecting metadata censoring.
- The fix changes exports to use censored metadata, which addresses both errors above.
- Includes an improvement to column ordering in XLSX exports.

Test Plan: Add a server test for CSV and XLSX exports with access rules

Reviewers: paulfitz, georgegevoian

Reviewed By: paulfitz, georgegevoian

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D3615

app/common/isHiddenTable.ts

@@ -7,6 +7,7 @@ import {UIRowId} from 'app/common/UIRowId';
  */
 export function isHiddenTable(tablesData: TableData, tableRef: UIRowId): boolean {
   const tableId = tablesData.getValue(tableRef, 'tableId') as string|undefined;
+  // The `!tableId` check covers the case of censored tables (see isTableCensored() below).
   return !tableId || isSummaryTable(tablesData, tableRef) || tableId.startsWith('GristHidden_');
 }
 
@@ -17,3 +18,11 @@ export function isHiddenTable(tablesData: TableData, tableRef: UIRowId): boolean
 export function isSummaryTable(tablesData: TableData, tableRef: UIRowId): boolean {
   return tablesData.getValue(tableRef, 'summarySourceTable') !== 0;
 }
+
+// Check if a table record (from _grist_Tables) is censored.
+// Metadata records get censored by clearing certain of their fields, so it's expected that a
+// record may exist even though various code should consider it as hidden.
+export function isTableCensored(tablesData: TableData, tableRef: UIRowId): boolean {
+  const tableId = tablesData.getValue(tableRef, 'tableId');
+  return !tableId;
+}