[PortalDB][Attempt 2] POC PostgREST implementation with API Autogen

[Olshansk]

This is a stripped down version of #452 so it's easier to review & understand.

Reviewing - The key thing to review are the new .sql files.

Testing - cd ./portal-db; make quickstart and follow the instructions.

Demo:

Screen.Recording.2025-10-01.at.9.55.49.PM.mov

[fredteumer]

Left a few comments -- still struggling with the security model here.

I think we're mostly there I just want to wrap my head around the final details.

[fredteumer]

I think this is our strategy for access:

Let me know if you disagree

[Olshansk]

@fredteumer So here's where we at:

1. I tried to keep things ULTRA SIMPLE for v1 without limiting us in the future.
2. I'm following best practices from postgREST regarding user switching roles (see image below): https://docs.postgrest.org/en/v12/references/auth.html
3. The authenticator will set the role to either admin (us) or reader (keep it safer
4. Regarding RBAC, portal-db/schema/002_postgrest_init.sql now has a baseline and we can improve it.

PTAL and lmk what you think. I'm still updating some of the docs & scripts.

[fredteumer]

@Olshansk Latest changes are 🔥

• JWT + SSL Certs to get into the DB
• Top level roles authenticated into the DB
• portal_db_admin and portal_db_reader for authorization/RLS
• Portal Application roles defined within the tables

This should be a sound foundation to start iterating on top of.

Approved ✔️ and left a simple typo comment to clean up.

[Olshansk]

@fredteumer Merged.

I'm pretty sure we're going to hit some issues along the way, but will figure it out along the way.

Merging this will enable kicking off the effort here: https://github.com/buildwithgrove/infrastructure/pulls?q=sort%3Aupdated-desc+is%3Apr+is%3Aopen