security: GUC to block access to local filesystem

[wuputah]

Discussed this a long time ago... but currently we allow DuckDB to read from the local filesystem. This is a security risk; the CSV reader is particularly easy to use here since it will read just about any plain text file.

This should instead be controllable via a GUC, default disabled, that can only be enabled by superuser.