[MDEV-21975] Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, pseudo_thread_id, server_id, gtid_domain_id
Created: 2020-03-18  Updated: 2021-02-09  Resolved: 2020-03-18

Status: Closed
Project: MariaDB Server
Component/s: Replication, Variables
Fix Version/s: 10.5.2

Type: Task Priority: Major
Reporter: Alexander Barkov Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Problem/Incident
causes MDEV-24344 BINLOG REPLAY privilege is missing fr... Closed
Relates
relates to MDEV-21743 Split up SUPER privilege to smaller p... Closed
relates to MDEV-22026 Document 10.5 privilege changes Closed

 Description   

Let's add a separate privilege BINLOG REPLAY to execute the BINLOG statement.

The original 10.5.2 idea (MDEV-21743) was to have REPLICATION SLAVE ADMIN control the BINLOG statement; however, it turned out not to be flexible enough.

After this change, any user that has the SUPER privilege or the BINLOG REPLAY privilege will be allowed to execute the BINLOG statement.

Also, let's bind new 10.5.2 privileges to the following system variables:

Name               Scope            New GLOBAL privilege                New SESSION privilege
----               -------------    ---------------------------------   ---------------------
gtid_seq_no        SESSION          N/A                                 SUPER or BINLOG REPLAY
pseudo_thread_id   SESSION          N/A                                 SUPER or BINLOG REPLAY
server_id          GLOBAL,SESSION   SUPER or REPLICATION MASTER ADMIN   SUPER or BINLOG REPLAY
gtid_domain_id     GLOBAL,SESSION   SUPER or REPLICATION MASTER ADMIN   SUPER or BINLOG REPLAY

As of version 10.5.1 it works as follows:

  • SET for GLOBAL variables is checked for the SUPER privilege
  • SET for SESSION variables is checked for the SUPER privilege

Note, server_id and gtid_domain_id will have different privileges for SET GLOBAL and SET SESSION. This is intentional:

  • The global variables are needed to configure the master
  • The session variables are needed to replay binary logs:

    mysqlbinlog | mysql
    

    where mysqlbinlog produces statements like:

    /*!100001 SET @@session.gtid_domain_id=0*//*!*/;
    /*!100001 SET @@session.server_id=1*//*!*/;
    /*!100001 SET @@session.gtid_seq_no=1*//*!*/;
    BEGIN
    /*!*/;
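
An added example, not part of the original issue, of the least-privilege setup this change allows: a dedicated account that can replay `mysqlbinlog` output without holding SUPER. The account name `binlog_replayer`, its host, the password placeholder and the schema `appdb` are assumptions.

```sql
-- Added example; account, host, password and schema names are hypothetical.
-- Requires a server with the BINLOG REPLAY privilege (10.5.2 or later).

CREATE USER 'binlog_replayer'@'localhost'
  IDENTIFIED BY '<replace-with-strong-password>';

-- Global privilege: permits the BINLOG statement and SET SESSION on
-- gtid_seq_no, pseudo_thread_id, server_id and gtid_domain_id.
GRANT BINLOG REPLAY ON *.* TO 'binlog_replayer'@'localhost';

-- Statement events in the replayed log are ordinary SQL run by this account,
-- so it also needs rights on the data being changed (assumption: appdb only).
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'binlog_replayer'@'localhost';

-- Connected as binlog_replayer: the session-scope settings that
-- mysqlbinlog emits are accepted.
SET @@session.gtid_domain_id = 0;
SET @@session.server_id = 1;
SET @@session.gtid_seq_no = 1;
SET @@session.pseudo_thread_id = 1;

-- Still connected as binlog_replayer: the global scope is bound to a
-- different privilege, so both statements below are refused.
SET @@global.server_id = 2;       -- needs SUPER or REPLICATION MASTER ADMIN
SET @@global.gtid_domain_id = 1;  -- needs SUPER or REPLICATION MASTER ADMIN

-- Audit (run as an administrator): which accounts can replay binary logs
-- or reconfigure the master.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE privilege_type IN ('SUPER', 'BINLOG REPLAY', 'REPLICATION MASTER ADMIN')
ORDER BY grantee, privilege_type;
```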
    

