(core) control the distribution of attachment metadata

Summary:
for users who don't automatically have deep rights
to the document, provide them with attachment metadata only
for rows they have access to. This is a little tricky to
do efficiently. We provide attachment metadata when an
individual table is fetched, rather than on initial document
load, so we don't block that load on a full document scan.
We provide attachment metadata to a client when we see that
we are shipping rows mentioning particular attachments,
without making any effort to keep track of the metadata they
already have.

Test Plan: updated tests

Reviewers: dsagal, jarek

Reviewed By: dsagal, jarek

Differential Revision: https://phab.getgrist.com/D3722

sandbox/gvisor/run.py

@@ -81,6 +81,15 @@ settings = {
   "ociVersion": "1.0.0",
   "process": {
     "terminal": include_bash,
+    # Match current user id, for convenience with mounts. For some versions of
+    # gvisor, default behavior may be better - if you see "access denied" problems
+    # during imports, try commenting this section out. We could make imports work
+    # for any version of gvisor by setting mode when using tmp.dir to allow
+    # others to list directory contents.
+    "user": {
+      "uid": os.getuid(),
+      "gid": 0
+    },
     "args": cmd_args,
     "env": env,
     "cwd": "/"
@@ -112,18 +121,6 @@ settings = {
     ]
   }
 }
-
-if not os.environ.get('GVISOR_USE_DEFAULT_USER'):
-  # Match current user id, for convenience with mounts. For some versions of
-  # gvisor, default behavior may be better - if you see "access denied" problems
-  # during imports, try setting GVISOR_USE_DEFAULT_USER. We could make imports work
-  # for any version of gvisor by setting mode when using tmp.dir to allow
-  # others to list directory contents.
-  settings['process']['user'] = {
-    "uid": os.getuid(),
-    "gid": 0
-  }
-
 memory_limit = os.environ.get('GVISOR_LIMIT_MEMORY')
 if memory_limit:
   settings['process']['rlimits'] = [