(filing this based on discussion with Sanja)
EXPLAIN has a special relationship with security. EXPLAIN over query with
VIEWs will expose information about the structure of the VIEWs. Because of this, EXPLAIN checks SHOW_VIEW_ACL for every view it opens (code-wise, this is done in open_table)
ANALYZE-statement produces EXPLAIN output, so it should require the same permissions. It needs to also require permissions that are needed for execution.
See also: view_grant.test